fix: address multiple PR review issues

- Fixed accessibility in audit logs with keyboard navigation and ARIA attributes
- Refactored ThreatAnalysisResults interface to module level for reusability
- Added BatchOperation enum validation and proper CSV escaping in batch monitoring
- Removed unused company state causing skeleton view in dashboard overview
- Enhanced error handling with user-facing messages for metrics loading
- Replaced hardcoded timeouts with condition-based waits in E2E tests
- Removed duplicate state management in security monitoring hooks
- Fixed CSRF documentation to show proper secret fallback pattern
- Updated CSP metrics docs with GDPR Article 6(1)(f) legal basis clarification
- Fixed React hooks order to prevent conditional execution after early returns
- Added explicit button type to prevent form submission behavior
2025-07-14 00:24:10 +02:00
parent bba79d509b
commit ef1f0769c2
9 changed files with 221 additions and 77 deletions


@ -129,7 +129,7 @@ CSRF_SECRET=your-csrf-secret-key
export const CSRF_CONFIG = {
cookieName: "csrf-token",
headerName: "x-csrf-token",
secret: env.CSRF_SECRET,
secret: env.CSRF_SECRET || env.NEXTAUTH_SECRET,
cookie: {
httpOnly: true,
secure: env.NODE_ENV === "production",
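Review bot: the documented fallback `secret: env.CSRF_SECRET || env.NEXTAUTH_SECRET` ties the CSRF token key to the session-signing secret, so a leak of either secret now compromises both mechanisms, and if neither variable is set the expression silently yields `undefined` rather than failing; the docs should state that the fallback is a convenience for local development, that `CSRF_SECRET` must be set to its own value in production, and that startup should fail fast when both are empty (or, if one secret must be shared, derive a purpose-specific CSRF key from it instead of reusing the raw value).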


@ -431,9 +431,10 @@ CSP_ALERT_THRESHOLD=5 # violations per 10 minutes
- **IP addresses** are collected and stored in memory for security monitoring
- **User agent strings** are stored for browser compatibility analysis
- **Legal basis**: Legitimate interest for security incident detection and prevention
- **Legal basis**: Processing is necessary for legitimate interests (GDPR Article 6(1)(f)) - specifically for security incident detection, prevention of CSP bypass attacks, and protection of website integrity
- **Retention**: In-memory storage only, automatically purged after 7 days or application restart
- **Data minimization**: Only violation-related metadata is retained, not page content
- **Balancing test**: The processing is limited to security purposes, uses temporary storage, and employs data minimization principles to ensure user privacy rights are respected
**Planned Privacy Enhancements:**
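Review bot: the new balancing-test bullet claims the processing "is limited to security purposes", but the unchanged bullet two lines above says user agent strings are stored "for browser compatibility analysis", which is not a security purpose and weakens the Article 6(1)(f) argument; either reword the user-agent bullet to a security rationale or narrow the balancing-test claim. Also, `**Planned Privacy Enhancements:**` follows the list with no blank line, so Markdown will render it as a lazy continuation of the last bullet; insert an empty line before it.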