txeo/cv-site
1
1
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
130 Commits 1 Branch 2 Tags
ea6ccf9cdd9308578d883bdad886ea9c172c707d
Commit Graph

2 Commits

Author SHA1 Message Date
juanatsap ea6ccf9cdd feat: add origin validation and rate limiting for PDF endpoint 
Security enhancements:
- Implement origin/referer validation middleware
- Add rate limiting (3 requests/min per IP)
- Default to production domain (juan.andres.morenorub.io)
- Verify all protection mechanisms working correctly

Documentation updates:
- Update README to reflect personal portfolio nature
- Remove template encouragement from README
- Add verification status to API-PROTECTION.md
- Document ALLOWED_ORIGINS configuration in .env.example

Cleanup:
- Remove templates.backup/ folder
- Remove old test screenshots
 2025-11-09 14:13:22 +00:00
juanatsap 24b2401519 feat: add origin validation and rate limiting for PDF endpoint 
- Implemented origin checker middleware to prevent external sites from hotlinking the PDF generation endpoint
- Added rate limiter (3 requests per minute per IP) to protect resource-intensive PDF operations
- Configured allowed origins via ALLOWED_ORIGINS environment variable with localhost defaults for development
 2025-11-09 14:00:10 +00:00