mai
/
posimai-root
1
0
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity
posimai-root/posimai-dev
History
posimai 33100d9efc security(posimai-dev): セッション API パストラバーサル修正 
/api/sessions/:id で path.join 後に SESSIONS_DIR 外への逸脱を検証。
正常な ID(UUID 等)には影響なし。requireLocal により localhost/Tailscale 限定だが念のため多層防御。
 		2026-04-24 20:48:06 +09:00
..
.gitignore security(dev): SSRF fix, WS limit, log rotation, BIND_HOST, sw.js API cache skip, .gitignore 2026-04-24 16:44:01 +09:00
favicon.svg fix: Posimai API check via /api/vps-health proxy, add favicon 2026-04-02 19:36:18 +09:00
index.html fix(security): add SRI to xterm CDN, add manifest id, noreferrer to target=_blank 2026-04-17 18:42:38 +09:00
manifest.json fix(security): add SRI to xterm CDN, add manifest id, noreferrer to target=_blank 2026-04-17 18:42:38 +09:00
package-lock.json feat(ext): integrate rule engine — scan works without API key 2026-04-14 23:05:19 +09:00
package.json
posimai-dev.service
server.js security(posimai-dev): セッション API パストラバーサル修正 2026-04-24 20:48:06 +09:00
sessions.html fix(dev): replace hardcoded #F3F4F6 with var(--text), scope header/icon-btn overrides 2026-04-24 16:33:27 +09:00
setup-kiosk.sh
station-b.html fix(security): add SRI to xterm CDN, add manifest id, noreferrer to target=_blank 2026-04-17 18:42:38 +09:00
station.html fix(security): add SRI to xterm CDN, add manifest id, noreferrer to target=_blank 2026-04-17 18:42:38 +09:00
sw.js security(dev): SSRF fix, WS limit, log rotation, BIND_HOST, sw.js API cache skip, .gitignore 2026-04-24 16:44:01 +09:00