ghostguild-org/server/middleware
Jennie Robinson Faber ba92075366 Fix OIDC issuer generating http:// URLs in production
The OIDC provider was falling back to config.public.appUrl for its
issuer, which could resolve to an http:// URL. This caused the logout
form action to use http://, violating the CSP form-action directive.
Hardcode the issuer fallback to https://ghostguild.org.
2026-03-05 22:42:12 +00:00
01.csrf.js Add OIDC provider for Outline wiki SSO 2026-03-01 15:46:01 +00:00
02.security-headers.js Fix OIDC issuer generating http:// URLs in production 2026-03-05 22:42:12 +00:00
03.rate-limit.js Implement OWASP ASVS L1 security remediation (Phases 0-2) 2026-03-01 12:53:18 +00:00