media-rip

xpltdco/media-rip

Fork 0

mirror of https://github.com/xpltdco/media-rip.git synced 2026-04-03 10:54:00 -06:00

Commit graph

Author	SHA1	Message	Date
xpltd	cbaec9ad36	R020: Zero outbound telemetry — CSP + security headers Verified: no external URLs in frontend (no CDN fonts, no analytics, no Google Fonts, no external scripts). All fonts use system fallback chains (JetBrains Mono → Cascadia Code → Fira Code → monospace). No outbound HTTP calls in backend code. Added SecurityHeadersMiddleware enforcing: - Content-Security-Policy: default-src 'self', script/font/connect restricted to 'self', style allows 'unsafe-inline' for Vue scoped styles, img allows data: URIs, object-src 'none', frame-ancestors 'none' - X-Content-Type-Options: nosniff - X-Frame-Options: DENY - Referrer-Policy: no-referrer These headers prevent any accidental introduction of external resources in future development — CSP violations will block them.	2026-03-19 06:53:08 -05:00
xpltd	efc2ead796	M001: media.rip() v1.0 — complete application Full-featured self-hosted yt-dlp web frontend: - Python 3.12+ / FastAPI backend with async SQLite, SSE transport, session isolation - Vue 3 / TypeScript / Pinia frontend with real-time progress, theme picker - 3 built-in themes (cyberpunk/dark/light) + drop-in custom theme system - Admin auth (bcrypt), purge system, cookie upload, file serving - Docker multi-stage build, GitHub Actions CI/CD - 179 backend tests, 29 frontend tests (208 total) Slices: S01 (Foundation), S02 (SSE+Sessions), S03 (Frontend), S04 (Admin+Auth), S05 (Themes), S06 (Docker+CI)	2026-03-18 20:00:17 -05:00

Author

SHA1

Message

Date

xpltd

cbaec9ad36

R020: Zero outbound telemetry — CSP + security headers

Verified: no external URLs in frontend (no CDN fonts, no analytics,
no Google Fonts, no external scripts). All fonts use system fallback
chains (JetBrains Mono → Cascadia Code → Fira Code → monospace).
No outbound HTTP calls in backend code.

Added SecurityHeadersMiddleware enforcing:
- Content-Security-Policy: default-src 'self', script/font/connect
  restricted to 'self', style allows 'unsafe-inline' for Vue scoped
  styles, img allows data: URIs, object-src 'none', frame-ancestors
  'none'
- X-Content-Type-Options: nosniff
- X-Frame-Options: DENY
- Referrer-Policy: no-referrer

These headers prevent any accidental introduction of external
resources in future development — CSP violations will block them.

2026-03-19 06:53:08 -05:00

xpltd

efc2ead796

M001: media.rip() v1.0 — complete application

Full-featured self-hosted yt-dlp web frontend:
- Python 3.12+ / FastAPI backend with async SQLite, SSE transport, session isolation
- Vue 3 / TypeScript / Pinia frontend with real-time progress, theme picker
- 3 built-in themes (cyberpunk/dark/light) + drop-in custom theme system
- Admin auth (bcrypt), purge system, cookie upload, file serving
- Docker multi-stage build, GitHub Actions CI/CD
- 179 backend tests, 29 frontend tests (208 total)

Slices: S01 (Foundation), S02 (SSE+Sessions), S03 (Frontend),
        S04 (Admin+Auth), S05 (Themes), S06 (Docker+CI)

2026-03-18 20:00:17 -05:00

2 commits