[P1] Public-endpoint hardening (unauthenticated ingest) #5

Description

@thorwhalen

The ingest endpoint is unauthenticated and hostile — treat every submission as untrusted UGC.

  • Bot gate: Cloudflare Turnstile (or hCaptcha) verified server-side
  • Rate limiting per-IP/origin — slowapi backed by Redis (in-memory default is per-worker, fails under multiple workers)
  • Payload caps (body, screenshot bytes, field lengths)
  • CORS origin allowlist + documented CSP guidance for embedders
  • Server-side repo/site resolution (browser never names the target); moderation/holding state

Design: design.md (Public-endpoint hardening) · #1
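As an added example (not the project's own code), a stdlib-only sketch of the server-side checks the list above calls for: Origin-based target resolution, payload and field caps, and judging a Turnstile siteverify response rather than trusting `success` alone. The origin, repo, caps, widget action name and clock are assumed values; the Redis-backed rate limiter is not shown.

```python
import base64
import json
from datetime import datetime, timedelta, timezone

# Illustrative caps and allowlists (constructed values, not the project's settings).
MAX_BODY_BYTES = 64 * 1024
MAX_SCREENSHOT_BYTES = 512 * 1024
MAX_FIELD_LEN = {"title": 200, "body": 5000, "page_url": 2048}
# Origin -> repo map: the server resolves the target, the browser never names it.
TARGET_BY_ORIGIN = {"https://docs.example.com": "example-org/docs"}
EXPECTED_ACTION = "feedback"                 # action name configured on the widget
CHALLENGE_MAX_AGE = timedelta(minutes=5)
SAMPLE_NOW = datetime(2024, 1, 1, 12, 0, tzinfo=timezone.utc)  # constructed clock

def resolve_target(origin):
    return TARGET_BY_ORIGIN.get(origin or "")  # None => not on the CORS allowlist, reject

def parse_submission(raw_body: bytes) -> dict:
    """Enforce payload caps before any real work; raise ValueError with the reason."""
    if len(raw_body) > MAX_BODY_BYTES:
        raise ValueError("body too large")
    data = json.loads(raw_body)  # a JSON ValueError propagates as the rejection reason
    if not isinstance(data, dict):
        raise ValueError("body must be a JSON object")
    for field, cap in MAX_FIELD_LEN.items():
        value = data.get(field, "")
        if not isinstance(value, str) or len(value) > cap:
            raise ValueError(f"field {field} is non-string or over {cap} chars")
    shot = data.get("screenshot_b64")
    if shot is not None:
        if not isinstance(shot, str):
            raise ValueError("screenshot must be a base64 string")
        decoded = base64.b64decode(shot, validate=True)  # binascii.Error subclasses ValueError
        if len(decoded) > MAX_SCREENSHOT_BYTES:  # cap real bytes, not base64 text length
            raise ValueError("screenshot too large")
        data["screenshot_bytes"] = decoded
    return data

def turnstile_verdict(siteverify: dict, expected_host: str, now: datetime):
    """Judge a Turnstile siteverify response body: 'success' alone is not enough."""
    if not siteverify.get("success"):
        return False, "challenge failed: " + ",".join(siteverify.get("error-codes", []))
    if siteverify.get("hostname") != expected_host:
        return False, "token was solved on another hostname"
    if siteverify.get("action") != EXPECTED_ACTION:
        return False, "token was issued for a different widget action"
    ts = datetime.fromisoformat(siteverify.get("challenge_ts", "").replace("Z", "+00:00"))
    if now - ts > CHALLENGE_MAX_AGE:
        return False, "token is stale"
    return True, "ok"
```

The hostname, action and freshness checks catch tokens solved on another site, for another widget, or replayed after the fact; a submission that passes them still lands in the holding state for moderation.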

Labels: phase-1 (Phase 1: core widget→issue)