jennie/ghostguild-org
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
ghostguild-org/server/middleware
History
Jennie Robinson Faber e3410c52a5
Some checks failed
Test / vitest (push) Successful in 11m5s
Details
Test / playwright (push) Failing after 9m24s
Details
Test / visual (push) Failing after 9m20s
Details
Test / Notify on failure (push) Successful in 3s
Details
fix(csp): allow secure.helcim.app for HelcimPay.js 
The HelcimPay modal loads from secure.helcim.app, but the CSP only
listed myposjs.helcim.com (script/connect) and secure.helcim.com
(frame, likely a stale typo). Add secure.helcim.app to script-src,
connect-src, and frame-src so the join flow's payment modal can load.
2026-04-26 15:59:36 +01:00
..
01.csrf.js fix(csrf): exempt /api/internal/ from double-submit check 2026-04-26 13:16:11 +01:00
02.security-headers.js fix(csp): allow secure.helcim.app for HelcimPay.js 2026-04-26 15:59:36 +01:00
03.rate-limit.js fix: use private helcimApiToken for all server-side Helcim API calls 2026-04-04 13:37:34 +01:00