Add optional CSRF enforcement for write routes

2026-05-20 21:55:30 +02:00
parent 7c06d31ac1
commit 972ccce62a
2 changed files with 24 additions and 0 deletions
--- a/README.md
+++ b/README.md
@@ -36,6 +36,11 @@ The app expects a MariaDB instance configured through environment variables.

 - `SESSION_TTL_SECONDS` (default: `86400`)
 - `SESSION_COOKIE_SECURE` (default: `false`, set `true` in production HTTPS)
+- `REQUIRE_CSRF` (default: `false`, checks same-origin/same-referer for write routes when enabled)
+- `LOGIN_MAX_ATTEMPTS` (default: `5`)
+- `LOGIN_WINDOW_SECONDS` (default: `300`)
+- `LOGIN_LOCKOUT_SECONDS` (default: `900`)
+- `MAX_ICON_BYTES` (default: `2097152`)

 ## Gitea CI/CD