social-reporting-tool/docker-compose.prod.yml
DJP dfc2a38861 Security hardening: fix 17 audit findings (C2-C7, H1-H4, H6-H8, M1-M5, M7)
Critical: restrict CORS, move Apify token to Auth header, add path traversal
validation, prompt injection delimiters, require production credentials.
High: security headers, cookie hardening, rate limiting, XSS fixes, error sanitization.
Medium: SSRF prevention, body size limit, Docker non-root, DB creds from env.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
2026-04-08 10:59:48 -04:00

11 lines
327 B
YAML

# Production overrides — use with: docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d
services:
  db:
    restart: unless-stopped
  social-listening:
    restart: unless-stopped
    environment:
      - NODE_ENV=production
      - SESSION_SECRET=${SESSION_SECRET}
      - ALLOWED_ORIGIN=${ALLOWED_ORIGIN}
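
Compose replaces an unset `${SESSION_SECRET}` or `${ALLOWED_ORIGIN}` with an empty string and only prints a warning, so the override file above still starts the container when the host environment is incomplete. The pre-flight check below is an added example, not part of this repository; the function name `check_prod_env`, the 32-character minimum, the https-only rule and the sample values are assumptions.

```shell
#!/bin/sh
# Pre-flight check for the two variables docker-compose.prod.yml interpolates.
# Added example, not the project's code. Assumed policy: secret of at least
# 32 characters, ALLOWED_ORIGIN a single https origin with no wildcard or path.
# Intended use on the deploy host:
#   check_prod_env "$SESSION_SECRET" "$ALLOWED_ORIGIN" && \
#     docker compose -f docker-compose.yml -f docker-compose.prod.yml up -d

check_prod_env() {
    # $1 = SESSION_SECRET value, $2 = ALLOWED_ORIGIN value
    secret=$1
    origin=$2
    rc=0

    if [ -z "$secret" ]; then
        echo "SESSION_SECRET is unset or empty" >&2; rc=1
    elif [ "${#secret}" -lt 32 ]; then
        echo "SESSION_SECRET is shorter than 32 characters" >&2; rc=1
    fi

    case $origin in
        '')          echo "ALLOWED_ORIGIN is unset or empty" >&2; rc=1 ;;
        *'*'*)       echo "ALLOWED_ORIGIN contains a wildcard" >&2; rc=1 ;;
        *,*|*' '*)   echo "ALLOWED_ORIGIN must be a single origin" >&2; rc=1 ;;
        https://*/*) echo "ALLOWED_ORIGIN must not include a path" >&2; rc=1 ;;
        https://?*)  ;;  # scheme plus host[:port]: accepted
        *)           echo "ALLOWED_ORIGIN must be https://host[:port]" >&2; rc=1 ;;
    esac

    return "$rc"
}

# Constructed sample values ("secret|origin"), for demonstration only.
for pair in \
    "|" \
    "short|*" \
    "0123456789abcdef0123456789abcdef|https://reports.example.com"
do
    if check_prod_env "${pair%%|*}" "${pair#*|}" 2>/dev/null; then
        echo "pass: $pair"
    else
        echo "fail: $pair"
    fi
done
```

Compose's own `${SESSION_SECRET:?message}` interpolation form stops `up` when the variable is unset or empty, but it does not cover the length or origin-shape checks shown here.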