path: root/apps/web/next.config.ts
Commit message | Author | Age | Files | Lines
* security: remove unsafe-eval CSP, fix host header injection, harden API routes | Fuwn | 2026-02-07 | 1 | -1/+1
- Remove unsafe-eval from script-src CSP (not needed in production)
- Replace Host/Origin header fallback with NEXT_PUBLIC_APP_URL in share and checkout routes to prevent host header injection
- Add .catch() to request.json() in share POST and PATCH routes
- Add rate limiting (3/min) to account deletion endpoint
* feat: asa.news RSS reader with developer tier, REST API, and webhooks | Fuwn | 2026-02-07 | 1 | -0/+54
Full-stack RSS reader SaaS: Supabase + Next.js + Go worker. Includes three subscription tiers (free/pro/developer), API key auth, read-only REST API, webhook push notifications, Stripe billing with proration, and PWA support.