[PULSE-60] Frontend hardening, UX polish, and security #35
@@ -42,6 +42,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.1.0/),
|
||||
- **Audit log reliability.** Failed audit log writes are now logged to the server instead of being silently ignored, so gaps in the audit trail are detectable.
|
||||
- **Safer error messages.** Server errors no longer expose internal details (database errors, stack traces) to the browser. You see a clear message like "Failed to create site" while the full error is logged server-side for debugging.
|
||||
- **Content Security Policy.** The backend CSP header was being overwritten by a duplicate, breaking captcha integration. The policy is now set in one place.
|
||||
- **Logout redirect loop.** Signing out no longer bounces you straight to Ciphera Auth. You now land on the Pulse homepage where you can choose to sign back in.
|
||||
|
||||
## [0.10.0-alpha] - 2026-02-21
|
||||
|
||||
|
||||
@@ -2,6 +2,7 @@ import { NextResponse } from 'next/server'
|
||||
import type { NextRequest } from 'next/server'
|
||||
|
||||
const PUBLIC_ROUTES = new Set([
|
||||
'/',
|
||||
'/login',
|
||||
'/signup',
|
||||
'/auth/callback',
|
||||
|
||||
Reference in New Issue
Block a user