Ulas 59791df248 fix: enforce Secure flag on session and CSRF cookies by default ...

Cookies were sent without Secure flag outside of production (NODE_ENV check).
New logic: secure=true by default; set SESSION_SECURE=false in .env to
allow HTTP explicitly (local dev without reverse proxy). Affects session
cookie, CSRF cookie in login handler, and CSRF middleware.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>

2026-04-01 18:34:31 +02:00

..

middleware

fix: enforce Secure flag on session and CSRF cookies by default

2026-04-01 18:34:31 +02:00

routes

fix: address CodeQL security findings (v0.5.2)

2026-04-01 18:30:03 +02:00

services

feat: Apple CalDAV credentials form + connect/disconnect UI (BL-04)

2026-03-31 10:27:07 +02:00

auth.js

fix: enforce Secure flag on session and CSRF cookies by default

2026-04-01 18:34:31 +02:00

db-schema-test.js

feat: Schritte 14–15 — Google Calendar OAuth + Apple CalDAV Sync + Settings-Seite

2026-03-24 22:53:44 +01:00

db.js

feat(budget): auto-generate recurring entry instances per month

2026-03-31 10:13:37 +02:00

index.js

fix: address CodeQL security findings (v0.5.2)

2026-04-01 18:30:03 +02:00