stack/apps
Jason Woltje 617df12b52
All checks were successful
ci/woodpecker/push/woodpecker Pipeline was successful
fix(SEC-API-25+26): Enable strict ValidationPipe + tighten CORS origin
- Set forbidNonWhitelisted: true in ValidationPipe to reject requests
  with unknown DTO properties, preventing mass assignment vulnerabilities
- Reject requests with no Origin header in production (SEC-API-26)
- Restrict localhost:3001 to development mode only
- Update CORS tests to cover production/development origin validation

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-02-06 15:02:55 -06:00