littleshop/LittleShop
SysAdmin d343037bbd Security: Fix critical vulnerabilities and implement security hardening
CRITICAL SECURITY FIXES:
- Fixed certificate validation bypass vulnerability in BTCPayServerService
  * Removed unsafe ServerCertificateCustomValidationCallback
  * Added environment-specific SSL configuration
  * Production now enforces proper SSL validation

- Fixed overly permissive CORS policy
  * Replaced AllowAnyOrigin() with specific trusted origins
  * Created separate CORS policies for Development/Production/API
  * Configured from appsettings for environment-specific control

- Implemented CSRF protection across admin panel
  * Added [ValidateAntiForgeryToken] to all POST/PUT/DELETE actions
  * Protected 10 admin controllers with anti-forgery tokens
  * Prevents Cross-Site Request Forgery attacks

CONFIGURATION IMPROVEMENTS:
- Created appsettings.Development.json for dev-specific settings
- Added Security:AllowInsecureSSL flag (Development only)
- Added CORS:AllowedOrigins configuration arrays
- Created comprehensive security roadmap (ROADMAP.md)

ALSO FIXED:
- TeleBot syntax errors (Program.cs, MessageFormatter.cs)
- Added enterprise-full-stack-developer output style

Impact: All Phase 1 critical security vulnerabilities resolved
Status: Ready for security review and deployment preparation

🤖 Generated with [Claude Code](https://claude.ai/code)

Co-Authored-By: Claude <noreply@anthropic.com>
2025-09-19 11:56:12 +01:00
Areas/Admin Security: Fix critical vulnerabilities and implement security hardening 2025-09-19 11:56:12 +01:00
Controllers Fix BTCPay Server integration for production deployment 2025-09-19 10:21:04 +01:00
Data Implement product variations, enhanced order workflow, mobile responsiveness, and product import system 2025-09-18 01:39:31 +01:00
DTOs Implement product variations, enhanced order workflow, mobile responsiveness, and product import system 2025-09-18 01:39:31 +01:00
Enums Implement product variations, enhanced order workflow, mobile responsiveness, and product import system 2025-09-18 01:39:31 +01:00
Mapping Add customer communication system 2025-08-27 18:02:39 +01:00
Models Implement product variations, enhanced order workflow, mobile responsiveness, and product import system 2025-09-18 01:39:31 +01:00
Services Security: Fix critical vulnerabilities and implement security hardening 2025-09-19 11:56:12 +01:00
TestAgent_Results Initial commit of LittleShop project (excluding large archives) 2025-09-17 15:07:38 +01:00
Validators Implement complete e-commerce functionality with shipping and order management 2025-08-20 17:37:24 +01:00
wwwroot Initial commit of LittleShop project (excluding large archives) 2025-09-17 15:07:38 +01:00
.dockerignore Add customer communication system 2025-08-27 18:02:39 +01:00
admin-cookies.jar Initial commit of LittleShop project (excluding large archives) 2025-09-17 15:07:38 +01:00
admin-test.jar Initial commit of LittleShop project (excluding large archives) 2025-09-17 15:07:38 +01:00
appsettings.Development.json Security: Fix critical vulnerabilities and implement security hardening 2025-09-19 11:56:12 +01:00
appsettings.Hostinger.json Update BTCPay integration with production credentials and deployment documentation 2025-09-19 11:17:43 +01:00
appsettings.json "Royal-Mail-shipping-integration-and-test-improvements" 2025-09-08 03:53:28 +01:00
appsettings.Production.json Update LittleShop configuration and deployment files 2025-09-18 19:27:58 +01:00
appsettings.Production.json.bak final 2025-08-27 22:19:39 +01:00
cookies.jar Initial commit of LittleShop project (excluding large archives) 2025-09-17 15:07:38 +01:00
cookies.txt Implement product variations, enhanced order workflow, mobile responsiveness, and product import system 2025-09-18 01:39:31 +01:00
Dockerfile Add customer communication system 2025-08-27 18:02:39 +01:00
littleshop-wizard-fixed.tar.gz Add customer communication system 2025-08-27 18:02:39 +01:00
LittleShop.csproj Initial commit of LittleShop project (excluding large archives) 2025-09-17 15:07:38 +01:00
littleshop.db.backup Update LittleShop configuration and deployment files 2025-09-18 19:27:58 +01:00
new-admin.jar Initial commit of LittleShop project (excluding large archives) 2025-09-17 15:07:38 +01:00
packages-microsoft-prod.deb Implement complete e-commerce functionality with shipping and order management 2025-08-20 17:37:24 +01:00
Program.cs Security: Fix critical vulnerabilities and implement security hardening 2025-09-19 11:56:12 +01:00
runtime-cookies.txt Add customer communication system 2025-08-27 18:02:39 +01:00
test-cookies.txt Add customer communication system 2025-08-27 18:02:39 +01:00
test-new-admin.jar Initial commit of LittleShop project (excluding large archives) 2025-09-17 15:07:38 +01:00
test-session.jar Initial commit of LittleShop project (excluding large archives) 2025-09-17 15:07:38 +01:00
test-session.txt Add customer communication system 2025-08-27 18:02:39 +01:00
test-wizard.html Add customer communication system 2025-08-27 18:02:39 +01:00
wizard-result.html Add customer communication system 2025-08-27 18:02:39 +01:00
wizard.html Add customer communication system 2025-08-27 18:02:39 +01:00