Security Enhancements
CSRF Token Improvements
- Automatic Retry Mechanism: Frontend now automatically refreshes CSRF tokens and retries requests when encountering 403 CSRF errors
- Validation: Retry logic validates error messages to ensure only genuine CSRF errors trigger token refresh
- App.tsx Enhancement: Added intelligent retry to `authFetch()` matching API service behavior
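As an added example (not code from the MeshMonitor repository), the refresh-and-retry flow described above with its validation step, so that only a genuine CSRF 403 triggers a token refresh and a plain authorization 403 is returned untouched. The JSON error-body shape, the `X-CSRF-Token` header name and the token callbacks are assumptions, not MeshMonitor's actual API.

```typescript
// Added example (not MeshMonitor's own code). Assumptions: the server answers a
// CSRF failure with HTTP 403 and a JSON body { error: "...CSRF..." }, and the
// token travels in an X-CSRF-Token request header. Both are hypothetical here.

interface CsrfResponse { status: number; clone(): CsrfResponse; json(): Promise<unknown>; }
interface RequestInitLike { method?: string; headers?: Record<string, string>; body?: string; }
type FetchLike = (url: string, init?: RequestInitLike) => Promise<CsrfResponse>;
interface CsrfDeps {
  fetchImpl: FetchLike;
  getToken: () => Promise<string>;     // current token, e.g. cached in memory
  refreshToken: () => Promise<string>; // obtain a fresh token from the server
}

// Validation step: only a 403 whose body names CSRF triggers a refresh. An
// ordinary authorization 403 is handed back to the caller, never retried.
export async function isCsrfError(res: CsrfResponse): Promise<boolean> {
  if (res.status !== 403) return false;
  try {
    const body = (await res.clone().json()) as { error?: unknown };
    return typeof body.error === "string" && /csrf/i.test(body.error);
  } catch {
    return false; // non-JSON 403 body: not a CSRF rejection we recognise
  }
}

export async function authFetch(url: string, init: RequestInitLike, deps: CsrfDeps): Promise<CsrfResponse> {
  const send = (token: string) =>
    deps.fetchImpl(url, { ...init, headers: { ...(init.headers ?? {}), "X-CSRF-Token": token } });
  const first = await send(await deps.getToken());
  if (!(await isCsrfError(first))) return first;
  // Exactly one retry with a fresh token; a second CSRF failure is surfaced, not looped.
  return send(await deps.refreshToken());
}

// Constructed stand-in for fetch: first call rejects with a CSRF error, later calls succeed.
export function fakeResponse(status: number, body: unknown): CsrfResponse {
  const r: CsrfResponse = { status, clone: () => r, json: async () => body };
  return r;
}
export function makeFlakyFetch(seenTokens: string[]): FetchLike {
  let calls = 0;
  return async (_url, init) => {
    seenTokens.push(init?.headers?.["X-CSRF-Token"] ?? "");
    return ++calls === 1
      ? fakeResponse(403, { error: "Invalid CSRF token" })
      : fakeResponse(200, { ok: true });
  };
}
```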
HSTS Configuration Fix
- HTTP Support: Fixed HSTS (HTTP Strict Transport Security) headers to respect the `COOKIE_SECURE` environment variable
- Issue: Server was forcing HTTPS upgrades even when `COOKIE_SECURE=false` was set
- Solution: HSTS now only enabled when both `NODE_ENV=production` AND `COOKIE_SECURE !== 'false'`
- Impact: Allows intentional HTTP-only deployments without browser HTTPS enforcement
Documentation
NODE_ENV Clarification
- Fixed: Clarified that `NODE_ENV` defaults to `development` when not specified
- Update: Getting Started guide troubleshooting section now correctly states development is the default mode
- Previous: Incorrectly suggested `NODE_ENV=development` needed to be explicitly set
Technical Details
Files Changed
- `src/App.tsx`: Added CSRF retry logic with validation
- `src/server/server.ts`: HSTS configuration respects `COOKIE_SECURE` setting
- `docs/getting-started.md`: Documentation accuracy improvements
- `package.json` & `helm/meshmonitor/Chart.yaml`: Version bump to 2.4.4
Related PRs
- #189: Implement CSRF retry mechanism with validation
- #188: Comprehensive CSRF protection implementation
Upgrading
Pull the latest image:
```bash
docker compose pull
docker compose up -d
```
Or for a specific version:
```yaml
image: ghcr.io/yeraze/meshmonitor:v2.4.4
```
Full Changelog: v2.4.3...v2.4.4
MeshMonitor v2.4.4
Installation
Docker (recommended):
```bash
docker run -d \
  --name meshmonitor \
  -p 8080:3001 \
  -v meshmonitor-data:/data \
  ghcr.io/Yeraze/meshmonitor:v2.4.4
```
Testing
- All tests passed
- TypeScript checks passed
- Docker images built for linux/amd64, linux/arm64, linux/arm/v7
Changes
See commit history for detailed changes.