Files
alro65 cfd94f905a security: CORS hardening, path traversal fix, WebSocket auth + cleanup
- Restrict CORS to localhost origins (was allow_origins=[*])
- Require valid JWT on WebSocket /ws (anonymous no longer gets admin view)
- Fix path traversal in delete_cell(): resolve() + parent check
- Validate cell_id format in /charts/download-noaa/{cell_id}
- Exclude charts/ and Cartas/ from git (keep US1GC09M world overview)
- Add NOAA ENC Portal external link in charts catalog tab
- Untrack __pycache__/, .db, .claude/ session files

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-07-03 12:45:43 -04:00

41 lines
532 B
Plaintext

# Python
__pycache__/
*.pyc
*.pyo
*.pyd
.venv/
venv/
*.egg-info/
dist/
build/
# Secrets
.env
*.env
# SQLite database (contains users and passwords; do NOT commit)
*.db
*.sqlite
# ENC / S-57 chart data — large binary + GeoJSON, rebuilt on demand.
# Keep only the single world-overview cell (US1GC09M) as base reference.
Cartas/
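# Ignore the contents (charts/*), not the directory itself: git cannot
# re-include a path whose parent directory is excluded.
charts/*
!charts/US1GC09M/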
# Generated GeoJSON (rebuilt on demand)
backend/cache/
# Node
node_modules/
# OS
.DS_Store
Thumbs.db
# IDE / session files
.claude/
*.log
logs/
.nextcloudsync.log