familienarchiv

Author	SHA1	Message	Date
Marcel	19e2f65a21	fix(csrf): send X-XSRF-TOKEN on all client-side mutating fetch calls Some checks failed CI / Unit & Component Tests (push) Has been cancelled Details CI / OCR Service Tests (push) Has been cancelled Details CI / Backend Unit Tests (push) Has been cancelled Details CI / fail2ban Regex (push) Has been cancelled Details CI / Semgrep Security Scan (push) Has been cancelled Details CI / Compose Bucket Idempotency (push) Has been cancelled Details CI / Unit & Component Tests (pull_request) Successful in 3m34s Details CI / OCR Service Tests (pull_request) Successful in 20s Details CI / fail2ban Regex (pull_request) Has been cancelled Details CI / Semgrep Security Scan (pull_request) Has been cancelled Details CI / Compose Bucket Idempotency (pull_request) Has been cancelled Details CI / Backend Unit Tests (pull_request) Has been cancelled Details hooks.server.ts already forwards the CSRF token for server-side fetch (form actions, load). Client-side XHR calls bypassed it, causing Spring Security to return 403 before PermissionAspect even ran. Adds getCsrfToken/withCsrf/makeCsrfFetch to cookies.ts. useTranscriptionBlocks wraps its injectable fetchImpl with makeCsrfFetch (covers all block mutations and saveBlockWithConflictRetry). useBlockAutoSave, TranscriptionEditView, BulkDocumentEditLayout, OcrTrainingCard, and SegmentationTrainingCard apply withCsrf inline. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-20 20:35:51 +02:00
Marcel	d6db7a07bd	refactor: move shared utilities to lib/shared/ sub-packages Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-05 14:35:15 +02:00
Marcel	920742ba1c	refactor: move ocr domain components to lib/ocr/ Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>	2026-05-05 14:23:55 +02:00

3 Commits