LibreChat

mirror of https://github.com/danny-avila/LibreChat.git synced 2026-04-07 00:15:23 +02:00

History

Danny Avila c39fffedf7 fix: restore early oauthError/code redirects, gate only failFlow behind CSRF The previous restructuring moved oauthError and missing-code checks behind CSRF validation, breaking tests that expect those redirects without cookies. The redirect itself is harmless (just shows an error page). Only the failFlow call needs CSRF gating to prevent DoS. Restructure: oauthError check stays early (redirects immediately), but failFlow inside it runs the full CSRF/session/active-flow validation before marking the flow as FAILED.		2026-04-03 19:35:14 -04:00
..
controllers	🔁 fix: Pass recursionLimit to OpenAI-Compatible Agents API Endpoint (#12510 )	2026-04-01 21:13:07 -04:00
middleware	🏗️ refactor: Remove Redundant Caching, Migrate Config Services to TypeScript (#12466 )	2026-03-30 16:49:48 -04:00
routes	fix: restore early oauthError/code redirects, gate only failFlow behind CSRF	2026-04-03 19:35:14 -04:00
services	🎯 fix: MCP Tool Misclassification from Action Delimiter Collision (#12512 )	2026-04-01 22:36:21 -04:00
utils	🏗️ refactor: Remove Redundant Caching, Migrate Config Services to TypeScript (#12466 )	2026-03-30 16:49:48 -04:00
cleanup.js	🧹 refactor: Tighten Config Schema Typing and Remove Deprecated Fields (#12452 )	2026-03-29 01:10:57 -04:00
experimental.js	⚖️ refactor: Split Config Route into Unauthenticated and Authenticated Paths (#12490 )	2026-03-31 19:22:51 -04:00
index.js	⚖️ refactor: Split Config Route into Unauthenticated and Authenticated Paths (#12490 )	2026-03-31 19:22:51 -04:00
index.spec.js	🚦 fix: 404 JSON Responses for Unmatched API Routes (#11976 )	2026-02-27 22:49:54 -05:00
socialLogins.js	🔐 feat: Admin Auth Support for SAML and Social OAuth Providers (#12472 )	2026-03-30 22:49:44 -04:00