feat(settings): allowlist /api/settings keys (v1.7.1)

2026-04-27 16:48:19 -07:00
parent c88e52e0ef
commit 9589141521
4 changed files with 75 additions and 4 deletions

@@ -17,7 +17,7 @@ Total identified items: 26
2. [P0][DONE] Add CSRF/origin protection for browser-initiated state-changing requests.
3. [P0][DONE] Block unsafe URL schemes in rendered search-result links (e.g., javascript:).
4. [P0][DONE] Add rate limiting and request body size limits for chat/search/profile APIs.
5. [P1] Restrict settings updates to an allowlist of valid keys.
5. [P1][DONE] Restrict settings updates to an allowlist of valid keys.
6. [P1] Add pagination + hard caps on list endpoints (memories, conversations, message history).
7. [P1] Stop returning raw exception text to clients; use safe error envelopes.
8. [P1] Add automated tests for chat streaming, auto-search trigger, and memory command paths.
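Review bot: Item 5 is flipped to `[DONE]`, but nothing in this list records test coverage for it: item 8 names only chat streaming, auto-search trigger, and memory command paths. Suggest extending item 8 (or adding a new item) to cover `/api/settings` handling of keys outside the allowlist. It would also help to state in item 5 whether such keys are rejected or silently dropped, so the roadmap documents the behavior that shipped. Since item 7 (raw exception text returned to clients) is still open, check that the rejection path for a non-allowlisted key returns a safe error envelope rather than depending on that later item.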