Auth security round: SB3 (email tokens out of URL query → fragment), SA4 (server-side session revocation + 'Log out other sessions'), SA3 (trusted-proxy X-Forwarded-For so rate limits can't be bypassed via a forged header). |
||
|---|---|---|
| .. | ||
| public | ||
| src | ||
| index.html | ||
| package-lock.json | ||
| package.json | ||
| postcss.config.js | ||
| tailwind.config.js | ||
| tsconfig.json | ||
| vite.config.ts | ||