3x-ui/web/html
snvv133 3c11977c77 security: fix password log leak, getDb CSRF, cookie hardening
1. web/controller/index.go
   Stop logging the submitted plaintext password on failed login.
   Replace it with "***" in the Telegram notification too.

2. web/controller/server.go + web/html/index.html
   Convert /panel/api/server/getDb from GET to POST and require an
   X-Requested-With header. Prevents <img>/<a>/<form> CSRF that would
   otherwise let an attacker steal the SQLite DB by tricking a logged-in
   admin into loading a single URL.

3. web/web.go
   Set Secure=true on the session cookie when TLS cert/key are configured,
   and tighten SameSite from Lax to Strict for the panel session.
2026-04-19 11:33:29 -07:00
common feat: Real-time Outbound Traffic, UI Improvements & Fix (#3629) 2026-01-05 05:50:40 +01:00
component chore: use Intl for date formatting (#3588) 2025-12-03 23:37:27 +01:00
form Adjust KCP MTU when selecting xDNS mask 2026-03-04 13:39:14 +01:00
modals bug fix #3785 2026-02-11 22:21:09 +01:00
settings Fix DeepLink for Happ, remove encoding URL (#3863) 2026-03-04 12:29:46 +01:00
inbounds.html Enhance WebSocket client connection logic and improve event listener management (#3636) 2026-01-18 15:38:57 +01:00
index.html security: fix password log leak, getDb CSRF, cookie hardening 2026-04-19 11:33:29 -07:00
login.html fix: login animation (#3559) 2025-09-25 15:16:50 +02:00
settings.html Fix: panel redirecting to old port after restart (#3594) 2026-01-03 03:05:10 +01:00
xray.html fix security issue 2026-02-09 23:36:10 +01:00