implemented a lot of security measures

2025-12-09 20:29:32 +01:00
parent 4bdb93c171
commit 928d28fcaf
21 changed files with 953 additions and 134 deletions
--- a/.env.example
+++ b/.env.example
@@ -102,6 +102,10 @@ PADDLE_CONSOLE_URL=
 # Sanctum / SPA auth
 SANCTUM_STATEFUL_DOMAINS=localhost,localhost:3000
 SANCTUM_TOKEN_PREFIX=
+CORS_ALLOWED_ORIGINS=http://localhost:3000,http://localhost:5173
+CORS_ALLOWED_METHODS=GET,POST,PUT,PATCH,DELETE,OPTIONS
+CORS_ALLOWED_HEADERS=Content-Type,Authorization,X-Requested-With,X-Locale,X-Device-Id
+CORS_SUPPORTS_CREDENTIALS=false
 JOIN_TOKEN_FAILURE_LIMIT=10
 JOIN_TOKEN_FAILURE_DECAY=5
 JOIN_TOKEN_ACCESS_LIMIT=120