marcel/familienarchiv
1
0
Fork 0
Code Issues 105 Pull Requests 1 Actions Packages Projects Releases Wiki Activity
Files
5ad5f82864d7cb2d81a90bfc8891860964e7c96f
familienarchiv/frontend/src
History
Marcel 19e2f65a21
Some checks failed
CI / fail2ban Regex (pull_request) Has been cancelled
Details
CI / Semgrep Security Scan (pull_request) Has been cancelled
Details
CI / Compose Bucket Idempotency (pull_request) Has been cancelled
Details
CI / Backend Unit Tests (pull_request) Has been cancelled
Details
CI / Unit & Component Tests (push) Has been cancelled
Details
CI / OCR Service Tests (push) Has been cancelled
Details
CI / Backend Unit Tests (push) Has been cancelled
Details
CI / fail2ban Regex (push) Has been cancelled
Details
CI / Semgrep Security Scan (push) Has been cancelled
Details
CI / Compose Bucket Idempotency (push) Has been cancelled
Details
CI / Unit & Component Tests (pull_request) Successful in 3m34s
Details
CI / OCR Service Tests (pull_request) Successful in 20s
Details
fix(csrf): send X-XSRF-TOKEN on all client-side mutating fetch calls 
hooks.server.ts already forwards the CSRF token for server-side fetch
(form actions, load). Client-side XHR calls bypassed it, causing Spring
Security to return 403 before PermissionAspect even ran.

Adds getCsrfToken/withCsrf/makeCsrfFetch to cookies.ts.
useTranscriptionBlocks wraps its injectable fetchImpl with makeCsrfFetch
(covers all block mutations and saveBlockWithConflictRetry).
useBlockAutoSave, TranscriptionEditView, BulkDocumentEditLayout,
OcrTrainingCard, and SegmentationTrainingCard apply withCsrf inline.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-20 20:35:51 +02:00
..
__meta__
test(meta): add duplicate-id vi.mock detector under __meta__/
2026-05-13 08:06:14 +02:00
lib
fix(csrf): send X-XSRF-TOKEN on all client-side mutating fetch calls
2026-05-20 20:35:51 +02:00
routes
fix(notification): address review suggestions
2026-05-20 20:35:51 +02:00
app.d.ts
feat(observability): add App.Error interface with errorId to app.d.ts
2026-05-17 09:40:12 +02:00
app.html
feat(nav): add ThemeToggle component with moon/sun icons and no-flash script
2026-03-25 13:47:56 +01:00
hooks.client.test.ts
test(observability): add hooks.client.test.ts unit tests for handleError callback
2026-05-17 10:25:30 +02:00
hooks.client.ts
refactor(observability): lower trace sample rate, add DSN comment, improve status visibility
2026-05-17 10:27:01 +02:00
hooks.server.test.ts
test(auth): userGroup hook redirect + cookie cleanup coverage
2026-05-17 22:50:41 +02:00
hooks.server.ts
fix(auth): tighten API URL match, add Retry-After header, and add missing tests
2026-05-19 09:23:01 +02:00
hooks.ts
restructure: flatten workspace nesting, move devcontainer to root
2026-03-15 11:47:58 +01:00
test-setup.ts
test(setup): also disable data-sveltekit-preload-code in browser tests
2026-05-12 22:32:03 +02:00