Talon/chat_grid
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Enforce websocket origin allowlist with secure-mode config

Browse Source
This commit is contained in:
Jage9
2026-02-28 04:47:07 -05:00
parent 9f3cd1fbdc
commit cf30229b37
9 changed files with 87 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
README.md
View File

@@ -26,6 +26,7 @@ npm run dev
Notes:
- Server defaults to `config.toml` when present.
- Server bind/port defaults are `127.0.0.1:8765` unless changed in config or CLI flags.
- Server websocket origin checks use `network.allowed_origins`; in secure mode (`allow_insecure_ws=false`), configure your real `https://` site origins.
- Client dev defaults to Vite local host/port (`localhost:5173`) unless flags override.
- Auth requires `CHGRID_AUTH_SECRET` in server environment; `deploy/scripts/install_server.sh` creates `server/.env` with this value automatically if missing.
- Saved login/session persistence uses a server-set `HttpOnly` cookie (`chgrid_session_token`).