HOA_Financial_Platform

JoeBot/HOA_Financial_Platform

Fork 0

Author	SHA1	Message	Date
olsch01	61a4f27af4	security: address assessment findings and bump to v2026.3.11 - C1: Disable Swagger UI in production (env gate) - M1+M2: Add Helmet.js for security headers (CSP, X-Frame-Options, X-Content-Type-Options, Referrer-Policy) and remove X-Powered-By - H2: Add @nestjs/throttler rate limiting (5 req/min on login/register) - M4: Remove orgSchema from JWT payload and client-side storage; tenant middleware now resolves schema from orgId via cached DB lookup - L1: Fix Chatwoot user identification (read from auth store on ready) - Remove schemaName from frontend Organization type and UI displays Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>	2026-03-11 15:22:58 -04:00

Author

SHA1

Message

Date

olsch01

61a4f27af4

security: address assessment findings and bump to v2026.3.11

- C1: Disable Swagger UI in production (env gate)
- M1+M2: Add Helmet.js for security headers (CSP, X-Frame-Options,
  X-Content-Type-Options, Referrer-Policy) and remove X-Powered-By
- H2: Add @nestjs/throttler rate limiting (5 req/min on login/register)
- M4: Remove orgSchema from JWT payload and client-side storage;
  tenant middleware now resolves schema from orgId via cached DB lookup
- L1: Fix Chatwoot user identification (read from auth store on ready)
- Remove schemaName from frontend Organization type and UI displays

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-11 15:22:58 -04:00

Compare commits

1 Commits

208c1dd7bc ... claude/ecs

Diff Content Not Available

Compare commits

1 Commits 208c1dd7bc ... claude/ecs

Diff Content Not Available

1 Commits

208c1dd7bc ... claude/ecs