feat: add origin validation and rate limiting for PDF endpoint
Security enhancements:
- Implement origin/referer validation middleware
- Add rate limiting (3 requests/min per IP)
- Default to production domain (juan.andres.morenorub.io)
- Verify all protection mechanisms working correctly

Documentation updates:
- Update README to reflect personal portfolio nature
- Remove template encouragement from README
- Add verification status to API-PROTECTION.md
- Document ALLOWED_ORIGINS configuration in .env.example

Cleanup:
- Remove templates.backup/ folder
- Remove old test screenshots
+6
-2
@@ -21,8 +21,12 @@ WRITE_TIMEOUT=15
# Security Configuration
# Allowed origins for API access (comma-separated domains)
# Prevents external sites from accessing your API/PDF endpoint
# Leave empty for development (allows localhost)
# Example for production: ALLOWED_ORIGINS=yourdomain.com,www.yourdomain.com
#
# DEFAULT: If empty, defaults to juan.andres.morenorub.io (the CV site domain)
# Plus localhost and 127.0.0.1 are always allowed in development
#
# For custom domains in production: ALLOWED_ORIGINS=yourdomain.com,www.yourdomain.com
# Multiple domains: ALLOWED_ORIGINS=domain1.com,domain2.com,www.domain1.com
ALLOWED_ORIGINS=
# Production Settings
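Review bot: the comment block above ALLOWED_ORIGINS assigns two different meanings to an empty value, and the hunk never says how the two cases are distinguished. "# Leave empty for development (allows localhost)" says an empty value means development mode, while "# DEFAULT: If empty, defaults to juan.andres.morenorub.io (the CV site domain)" says the same empty value means production with the CV domain; a reader of .env.example cannot tell which applies without reading the middleware. Suggest collapsing this into one statement of what an empty value does, plus the name of the setting that selects the development behaviour (e.g. "# If empty: juan.andres.morenorub.io is allowed; when <dev-mode setting> is set, localhost and 127.0.0.1 are also allowed"), and dropping the duplicated example line, since "# Example for production: ALLOWED_ORIGINS=yourdomain.com,www.yourdomain.com" and "# For custom domains in production: ALLOWED_ORIGINS=yourdomain.com,www.yourdomain.com" say the same thing. Separately, "# Prevents external sites from accessing your API/PDF endpoint" overstates what an Origin/Referer check gives: browsers set those headers, but any non-browser client can send whatever Origin or Referer it likes, so the check stops other web pages from fetching or embedding the endpoint and nothing more; wording it that way keeps the documented guarantee honest and makes clear that the per-IP rate limit is the control doing the work against scripted abuse.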