Private
Public Access
1
0
Commit Graph

2 Commits

Author SHA1 Message Date
Catherine Renelle 0852d5a804 Add CSP/HSTS headers, attachment extension whitelist, and upload rate limiting
- Add Content-Security-Policy and Strict-Transport-Security headers
- Whitelist allowed file extensions on attachment uploads
- Add rate limiting to password change (5/5min) and file uploads (20/60s)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-03-07 19:25:02 -05:00
Catherine Renelle 1419300baa Add account settings page with profile, password, and session management
- /account page: edit name/email, change password, view/revoke sessions
- PATCH /api/account: update profile or change password (verifies current)
- DELETE /api/account: revoke all other sessions
- Password change auto-revokes other sessions for security
- Username in nav now links to /account (desktop + mobile)

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-26 08:22:34 -05:00