diff options
| author | Fuwn <[email protected]> | 2026-02-07 05:41:07 -0800 |
|---|---|---|
| committer | Fuwn <[email protected]> | 2026-02-07 05:41:07 -0800 |
| commit | a1a405e56a0907ed44bfaba721e0ea632e051141 (patch) | |
| tree | 99621f7c1407eed732eeb5742fc7458c14ee6d48 /apps/web/app/globals.css | |
| parent | security: remove unsafe-eval CSP, fix host header injection, harden API routes (diff) | |
| download | asa.news-a1a405e56a0907ed44bfaba721e0ea632e051141.tar.xz asa.news-a1a405e56a0907ed44bfaba721e0ea632e051141.zip | |
fix: resolve 6 pre-ship audit bugs
- Webhook entry identifier: use entry GUID instead of feed identifier
- Optimistic rollback: add previousTimeline snapshot and onError handler
to both useToggleEntryReadState and useToggleEntrySavedState
- Rate limiter memory leak: delete Map entries when window expires,
use else-if to avoid re-setting after delete
- Entries API limit param: use Number.isFinite guard instead of falsy
coercion that treats 0 as default
- PWA manifest: add PNG raster icon routes (192x192, 512x512) for
devices that don't support SVG icons
- Billing webhook: throw on DB errors and return 500 so Stripe retries
failed events instead of silently losing them
Diffstat (limited to 'apps/web/app/globals.css')
0 files changed, 0 insertions, 0 deletions