security(api): harden V3 authentication and unify CRUD endpoint patterns

Implemented critical security and architectural fixes to align the frontend with the Aether API V3 standard and resolve 403 Forbidden race conditions.

- Unified CRUD Helpers: Updated get, create, update, and delete helpers to use the standard /v3/crud/{obj_type}/{id} paths, ensuring correct backend isolation context.
- Auth Scavenging: Implemented direct localStorage scavenging for 'x-account-id' in core fetch helpers to prevent hydration race conditions in Svelte 5.
- Header Cleanup: Purged redundant 'x-aether-api-token' and fixed misplaced protocol headers in global stores.
- Reliability: Fixed 'Content-Type' typos and standardized kebab-case header normalization.
This commit is contained in:
Scott Idem
2026-02-13 19:10:32 -05:00
parent 3e83890932
commit f62bd9fb79
7 changed files with 68 additions and 313 deletions

@@ -457,11 +457,8 @@ export const ae_api_data_struct: key_val = {
};
const ae_api_headers: key_val = {};
ae_api_headers['Access-Control-Allow-Origin'] = '*';
ae_api_headers['Content-Yype'] = 'application/json';
ae_api_headers['Content-Type'] = 'application/json';
ae_api_headers['x-aether-api-key'] = ae_api_data_struct.api_secret_key;
ae_api_headers['x-aether-api-token'] = 'fake-temp-token';
ae_api_headers['x-aether-api-expire-on'] = '';
if (ae_account_id) {
ae_api_headers['x-account-id'] = ae_account_id;
} else {
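Review bot: The line `ae_api_headers['x-aether-api-key'] = ae_api_data_struct.api_secret_key;` puts a value named `api_secret_key` into the default request headers built in frontend code, so the key ships in the bundle and is readable by anyone who loads the page or inspects a request. Purging the placeholder `x-aether-api-token` does not change that. Consider keeping the secret server-side (for example behind a backend proxy that attaches it) and giving the browser only a short-lived, per-session credential. Two smaller points in the same block: if the `Access-Control-Allow-Origin` line is still on the new side of this hunk, drop it, since it is a response header and has no effect when sent by the client; and because `x-account-id` is set from a client-held value in the `if (ae_account_id)` branch, the backend should check it against the authenticated caller rather than rely on it for isolation.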