Hugh Brown af094ad11a fix: exclude signature and auth headers from webhook payload capture ...

_captured_headers was storing all x-* headers including
X-Hub-Signature-256 and X-Webhook-Signature. Since stored headers
are exposed via the payload read endpoint, this enabled replay
attacks without knowing the webhook secret. Now signature and
authorization headers are excluded from capture.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-07 23:35:10 +05:30

..

__init__.py

refactor: update module docstrings for clarity and consistency

2026-02-09 15:49:50 +05:30

activity.py

refactor: rename require_admin_auth/require_admin_or_agent to require_user_auth/require_user_or_agent

2026-03-07 23:35:10 +05:30

agent.py

security: fix fail-open auth, streaming payload limit, and rate limiter memory leak

2026-03-07 23:35:10 +05:30

agents.py

refactor: rename require_admin_auth/require_admin_or_agent to require_user_auth/require_user_or_agent

2026-03-07 23:35:10 +05:30

approvals.py

refactor: rename require_admin_auth/require_admin_or_agent to require_user_auth/require_user_or_agent

2026-03-07 23:35:10 +05:30

auth.py

feat(api): enhance authentication and health check endpoints with detailed responses and descriptions

2026-02-15 02:35:31 +05:30

board_group_memory.py

refactor: rename require_admin_auth/require_admin_or_agent to require_user_auth/require_user_or_agent

2026-03-07 23:35:10 +05:30

board_groups.py

refactor: rename require_admin_auth/require_admin_or_agent to require_user_auth/require_user_or_agent

2026-03-07 23:35:10 +05:30

board_memory.py

refactor: rename require_admin_auth/require_admin_or_agent to require_user_auth/require_user_or_agent

2026-03-07 23:35:10 +05:30

board_onboarding.py

refactor: rename require_admin_auth/require_admin_or_agent to require_user_auth/require_user_or_agent

2026-03-07 23:35:10 +05:30

board_webhooks.py

fix: exclude signature and auth headers from webhook payload capture

2026-03-07 23:35:10 +05:30

boards.py

redesigned dashboard page

2026-03-04 16:01:56 +05:30

deps.py

refactor: rename require_admin_auth/require_admin_or_agent to require_user_auth/require_user_or_agent

2026-03-07 23:35:10 +05:30

gateway.py

security: require org-admin for gateway session message endpoint

2026-03-07 23:35:10 +05:30

gateways.py

Address ruff / formatting errors

2026-03-07 23:35:10 +05:30

metrics.py

fix(ci): resolve backend check failures in dashboard metrics

2026-03-04 16:11:14 +05:30

organizations.py

fix: update HTTP status code from UNPROCESSABLE_ENTITY to UNPROCESSABLE_CONTENT

2026-02-15 16:06:06 +05:30

queryset.py

refactor: replace DefaultLimitOffsetPage with LimitOffsetPage in multiple files and update timezone handling to use UTC

2026-02-09 20:40:17 +05:30

skills_marketplace.py

Update backend/app/api/skills_marketplace.py

2026-03-07 23:35:10 +05:30

souls_directory.py

refactor: rename require_admin_auth/require_admin_or_agent to require_user_auth/require_user_or_agent

2026-03-07 23:35:10 +05:30

tags.py

feat(tags): add tag management interfaces and update related schemas

2026-02-12 18:35:48 +05:30

task_custom_fields.py

fix: update HTTP status code from UNPROCESSABLE_ENTITY to UNPROCESSABLE_CONTENT

2026-02-15 16:06:06 +05:30

tasks.py

refactor: rename require_admin_auth/require_admin_or_agent to require_user_auth/require_user_or_agent

2026-03-07 23:35:10 +05:30

users.py

feat: add approval-task links model and related functionality for task associations

2026-02-11 20:27:07 +05:30