harden browser routes with csrf checks and lock internal/dev endpoints

2026-02-18 15:27:47 +00:00
parent 4814342156
commit f672677d4f
7 changed files with 200 additions and 30 deletions
--- a/.env.example
+++ b/.env.example
@@ -3,6 +3,8 @@ NODE_ENV=production
 PORT=3000
 LOG_LEVEL=info
 APP_BASE_URL=https://xartaudio.example.com
+ENABLE_DEV_ROUTES=false
+ALLOW_IN_MEMORY_STATE_FALLBACK=false

 # Better Auth
 BETTER_AUTH_SECRET=replace-me