Tags: Hawk-API/HawkAPI
Security hardening (v0.2.0)

- CSRF middleware now verifies the submitted token HMAC signature (CWE-352)
- HTML-escape OpenAPI UI title and JSON-encode URL in JS context; pin CDN asset versions (CWE-79)
- DebugMiddleware defaults to enabled=False (CWE-489)
- TrustedProxyMiddleware whitelists X-Forwarded-Proto to http/https
- StructuredLoggingMiddleware sanitizes client request IDs (CWE-117)
- parse_multipart enforces a max_parts limit (CWE-770)
- SecurityHeadersMiddleware sets HSTS by default
- Scaffold no longer ships allow_origins=["*"]