github DRYTRIX/TimeTracker dev-dev-32-09105445
Development Build dev-32-09105445

pre-release, 5 months ago

Development Build

**Version:** dev-32-09105445
**Commit:** 0910544
**Branch:** develop
**Build:** #32

### Docker Image
```
ghcr.io/DRYTRIX/TimeTracker:develop
```

### Quick Start
```bash
docker pull ghcr.io/DRYTRIX/TimeTracker:develop
docker-compose -f deployment-dev.yml up -d
```

### Changes
fix(csrf): harden forms; enforce SECRET_KEY; improve client refresh
  • CSRF error handler:
    • Treat classic form POSTs as HTML (flash + safe redirect) regardless of
      Accept header quirks; return JSON only for XHR/JSON requests
    • Add contextual logging (path, method, referrer, user, reason) for diagnostics
  • Security/config:
    • Enforce strong SECRET_KEY in production (no placeholders, min length);
      refuse startup if invalid
    • Make SESSION_COOKIE_SAMESITE and REMEMBER_COOKIE_SAMESITE env-driven
      while keeping Secure/HttpOnly flags configurable
  • Client resilience:
    • Refresh CSRF token on window focus in addition to periodic refresh
    • Pre-submit refresh if token is stale (>15 minutes)
    • Auto-inject/refresh tokens for dynamically added forms via MutationObserver
  • UX correctness:
    • Ensure tasks.edit_task re-renders with projects/users on validation errors

Fixes #77 (csrf_token_missing_or_invalid)
See: #77

Files:

  • app/init.py
  • app/config.py
  • app/templates/base.html
  • app/routes/tasks.py

Note: In production, a single, persistent SECRET_KEY is required across all instances.
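
The startup checks described under "Security/config" above could look like the following. This is an added example, not TimeTracker's own `app/config.py`. The 32-character minimum, the placeholder list, `FLASK_ENV` as the production switch, and reading the Secure/HttpOnly flags from environment variables of the same name are all assumptions.

```python
import os

# Assumed for illustration: the page does not give the project's actual
# minimum length or placeholder list.
MIN_SECRET_KEY_LENGTH = 32
PLACEHOLDER_KEYS = {"", "changeme", "change-me", "secret", "your-secret-key-here"}
VALID_SAMESITE = {"Lax", "Strict", "None"}


class ConfigError(RuntimeError):
    """Raised at startup so the app refuses to run with unsafe settings."""


def _flag(env, name, default):
    return env.get(name, default).strip().lower() in {"1", "true", "yes", "on"}


def _samesite(env, name, secure):
    value = env.get(name, "Lax").strip().capitalize()
    if value not in VALID_SAMESITE:
        raise ConfigError(f"{name} must be one of {sorted(VALID_SAMESITE)}")
    if value == "None" and not secure:
        # Browsers reject SameSite=None cookies that lack the Secure attribute.
        raise ConfigError(f"{name}=None requires the matching Secure flag")
    return value


def load_security_config(env=None):
    env = os.environ if env is None else env
    # FLASK_ENV as the production switch is an assumption of this example.
    production = env.get("FLASK_ENV", "production").strip().lower() == "production"
    key = env.get("SECRET_KEY", "")
    if production:
        if key.strip().lower() in PLACEHOLDER_KEYS:
            raise ConfigError("SECRET_KEY is unset or a placeholder")
        if len(key) < MIN_SECRET_KEY_LENGTH:
            raise ConfigError(f"SECRET_KEY shorter than {MIN_SECRET_KEY_LENGTH} chars")
    cfg = {"SECRET_KEY": key}
    for prefix in ("SESSION_COOKIE", "REMEMBER_COOKIE"):
        secure = _flag(env, f"{prefix}_SECURE", "true" if production else "false")
        cfg[f"{prefix}_SECURE"] = secure
        cfg[f"{prefix}_HTTPONLY"] = _flag(env, f"{prefix}_HTTPONLY", "true")
        cfg[f"{prefix}_SAMESITE"] = _samesite(env, f"{prefix}_SAMESITE", secure)
    return cfg
```

Calling `load_security_config()` before the app object is created turns a weak key into a failed deploy instead of a running instance with forgeable sessions and CSRF tokens.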

---
*This is an automated development build. Use at your own risk.*
