multica

History

yushen b9a4fa1a6d fix(auth): add CSRF state param, scheme validation, and .envrc to gitignore Add state parameter to CLI browser login flow for CSRF protection — CLI generates a random state, frontend passes it through, CLI verifies on callback. Also restrict cli_callback to http: scheme only. Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>	2026-03-26 15:04:46 +08:00
..
web	fix(auth): add CSRF state param, scheme validation, and .envrc to gitignore	2026-03-26 15:04:46 +08:00

yushen b9a4fa1a6d fix(auth): add CSRF state param, scheme validation, and .envrc to gitignore

Add state parameter to CLI browser login flow for CSRF protection — CLI
generates a random state, frontend passes it through, CLI verifies on
callback. Also restrict cli_callback to http: scheme only.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>

2026-03-26 15:04:46 +08:00

web

fix(auth): add CSRF state param, scheme validation, and .envrc to gitignore

2026-03-26 15:04:46 +08:00