admin/e-ticket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
627 Commits 1 Branch 0 Tags
master
Commit Graph

2 Commits

Author SHA1 Message Date
Serreau Jovann
381acd603e Split Stripe webhooks into 2 endpoints: insta (payments) and leger (Connect) 
- /stripe/webhook → /webhooks/stripe/insta (paiements, payouts, disputes, subscriptions)
- /stripe/webhook/connect → /webhooks/stripe/leger (gestion comptes Connect)
- Rename env vars: STRIPE_WEBHOOK_SECRET → STRIPE_WEBHOOK_SECRET_INSTA,
  STRIPE_WEBHOOK_SECRET_CONNECT → STRIPE_WEBHOOK_SECRET_LEGER
- Update StripeService, CsrfProtectionSubscriber, vault, env files and all tests

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-04-01 14:07:49 +02:00
Serreau Jovann
25033c29a0 Add automatic CSRF protection on all POST forms 
- CsrfProtectionSubscriber: auto-injects hidden _csrf_token in HTML responses,
  auto-verifies on POST requests
- Excludes: webhooks, JSON APIs, login (has its own CSRF)
- 9 tests covering all cases (GET, excluded, JSON, no token, invalid, valid, inject, non-HTML)

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
 2026-03-22 20:08:02 +01:00