security: LOW findings + fix .gitignore overmatch
- Swagger UI restricted to localhost only - Message content length limit (4000 chars max) on create + update - Bot/server/webhook ownership checks return 404 instead of 403 (prevents resource ID enumeration) - Fix .gitignore: /server instead of server to stop ignoring internal/server/ directory
This commit is contained in:
@@ -270,7 +270,7 @@ func (h *Handler) Delete(w http.ResponseWriter, r *http.Request) {
|
||||
return
|
||||
}
|
||||
if createdBy != userID {
|
||||
writeErr(w, http.StatusForbidden, "forbidden")
|
||||
writeErr(w, http.StatusNotFound, "webhook not found")
|
||||
return
|
||||
}
|
||||
|
||||
|
||||
Reference in New Issue
Block a user