posimai-root/posimai-dev
posimai 9e6a2987ed fix: security hardening - XSS, SSRF, proxy auth, Syncthing config
- server.js: add escapeHtml() and apply to meta.title / error messages (XSS)
- server.js: add startup error log when JWT_SECRET uses insecure default
- posimai-dev/server.js: add URL validation to /api/check to block SSRF
  (blocks cloud metadata IPs, non-http/https protocols)
- ponshu_room_lite/tools/proxy/server.js: remove auth bypass when
  PROXY_AUTH_TOKEN is unset; server now exits on startup if token missing
- .gitignore: add *.sync-conflict-* to prevent Syncthing conflict files
- .stignore: create Syncthing ignore file to exclude .git, node_modules,
  .env from sync (fixes root cause of .git directory sync-conflict files)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-03 08:15:45 +09:00
favicon.svg fix: Posimai API check via /api/vps-health proxy, add favicon 2026-04-02 19:36:18 +09:00
index.html fix(posimai-dev): aurora visibility, scrollbar styling 2026-03-31 07:26:06 +09:00
manifest.json feat: add posimai-dev — self-hosted terminal portal with xterm.js 2026-03-30 23:23:28 +09:00
package.json feat: add posimai-dev — self-hosted terminal portal with xterm.js 2026-03-30 23:23:28 +09:00
posimai-dev.service fix: systemd service — correct node path to /usr/bin/node 2026-03-31 00:28:52 +09:00
server.js fix: security hardening - XSS, SSRF, proxy auth, Syncthing config 2026-04-03 08:15:45 +09:00
sessions.html feat(posimai-dev): add sessions viewer, chat bar, Claude button, session logging 2026-03-31 00:42:16 +09:00
setup-kiosk.sh fix: handle destroyed logStream in pty, update kiosk URL to https:3333 2026-03-31 13:37:38 +09:00
station-b.html fix: remove ubuntu pc binbars, reduce machines gap to 8px 2026-04-03 00:56:32 +09:00
station.html fix: Posimai API check via /api/vps-health proxy, add favicon 2026-04-02 19:36:18 +09:00
sw.js feat: add posimai-dev — self-hosted terminal portal with xterm.js 2026-03-30 23:23:28 +09:00