3 Commits

Author	SHA1	Message	Date
Torsten Schulz (local)	e7e9d7815c	Refactor CORS header handling in authentication endpoints ... Update the CORS header variable name from 'origin' to 'requestOrigin' in both login and registration API endpoints for improved clarity and consistency. This change enhances the readability of the code while maintaining support for cross-device authentication.	2026-01-07 21:02:58 +01:00
Torsten Schulz (local)	ad21534862	Add CORS support for Cross-Device Authentication in passkey handling ... Enhance authentication options in the server API by adding CORS headers to support cross-device authentication. Implement handling for preflight OPTIONS requests and increase timeout for registration and authentication processes to 5 minutes, improving user experience and compatibility across devices.	2026-01-07 20:59:48 +01:00
Torsten Schulz (local)	673c34ac9d	Update Apache SSL configuration and enhance security features across multiple files. Changed X-Frame-Options to SAMEORIGIN for better security, added optional Content Security Policy headers for testing, and improved password handling with HaveIBeenPwned checks during user registration and password reset. Implemented passkey login functionality in the authentication flow, including UI updates for user experience. Enhanced image upload processing with size limits and validation, and added rate limiting for various API endpoints to prevent abuse.	2026-01-05 11:50:57 +01:00