mirror of
https://github.com/mauriceboe/TREK.git
synced 2026-06-19 13:21:46 +00:00
804c2586a9
- Remove 'unsafe-inline' from script-src CSP directive
- Restrict connectSrc and imgSrc to known external domains
- Move Google API key from URL query parameter to X-Goog-Api-Key header
- Sanitize error logging in production (no stack traces)
- Log file link errors instead of silently swallowing them

https://claude.ai/code/session_01SoQKcF5Rz9Y8Nzo4PzkxY8