Hinotobi 2b0e62f679 [security] fix(auth): reject cross-site auth POSTs (#2740) ...

* fix(security): reject cross-site auth posts

* fix(auth): align secure cookie proxy scheme handling

---------

Co-authored-by: Willem Jiang <willem.jiang@gmail.com>

2026-05-07 07:58:06 +08:00

..

auth

fix(security): harden auth system and fix run journal logic bug (#2593)

2026-04-28 11:34:07 +08:00

routers

feat(agent): add custom-agent self-updates with user isolation (#2713)

2026-05-05 23:17:42 +08:00

__init__.py

refactor: split backend into harness (deerflow.*) and app (app.*) (#1131)

2026-03-14 22:55:52 +08:00

app.py

fix(config): unify log_level from config.yaml across Gateway and debug entry points (#2601)

2026-04-30 22:27:14 +08:00

auth_middleware.py

feat: implement process-local internal authentication for Gateway and enhance CSRF handling

2026-04-26 22:20:57 +08:00

authz.py

fix(security): harden auth system and fix run journal logic bug (#2593)

2026-04-28 11:34:07 +08:00

config.py

fix(security): allow disabling API docs in production via GATEWAY_ENABLE_DOCS (#2651)

2026-04-30 10:58:32 +08:00

csrf_middleware.py

[security] fix(auth): reject cross-site auth POSTs (#2740)

2026-05-07 07:58:06 +08:00

deps.py

refactor: thread release config through lead path (#2612)

2026-04-28 14:53:18 +08:00

internal_auth.py

feat: implement process-local internal authentication for Gateway and enhance CSRF handling

2026-04-26 22:20:57 +08:00

langgraph_auth.py

fix(security): harden auth system and fix run journal logic bug (#2593)

2026-04-28 11:34:07 +08:00

path_utils.py

feat(persistence): per-user filesystem isolation, run-scoped APIs, and state/history simplification (#2153)

2026-04-26 11:13:01 +08:00

services.py

fix(agents): propagate agent_name into ToolRuntime.context for setup_agent (#2679)

2026-05-01 16:00:11 +08:00

utils.py

feat(persistence): add unified persistence layer with event store, token tracking, and feedback (#1930)

2026-04-26 11:05:47 +08:00