Harden security, modularize API bootstrap, and fix scale SSE auth.
Block web access to sensitive paths, require API_TOKEN for mutations, encrypt GitHub issue credentials in .env, auto-provision tokens for same-origin clients, and pass api_token in scale relay URLs since EventSource cannot send headers. Co-authored-by: Cursor <cursoragent@cursor.com>
This commit is contained in:
dadaloop82
@@ -0,0 +1,2 @@
|
||||
# Deny all direct HTTP access to runtime data (DB, tokens, caches, logs)
|
||||
Require all denied
|
||||
Reference in New Issue
Block a user