docs(security): document signed-token guard on video endpoints#8
Conversation
Co-Authored-By: Claude Opus 4.8 (1M context) <noreply@anthropic.com>
|
You have reached your Codex usage limits for code reviews. You can see your limits in the Codex usage dashboard. |
There was a problem hiding this comment.
Code Review
This pull request updates the SECURITY.md file to document local server hardening measures, including DNS-rebinding guards, session token requirements, and HMAC-SHA256 signatures for source-video endpoints. It also updates the accepted risks section to align with these changes. The review feedback suggests minor grammatical and readability improvements to the newly added text.
Important
The consumer version of Gemini Code Assist on GitHub is being sunset. Starting June 18, 2026, new organization installations will be blocked, and all code review activity will officially cease on July 17, 2026.
For more details on the timeline and next steps, please review the Help Documentation.
Co-Authored-By: Claude Sonnet 5 <noreply@anthropic.com>
What
Documents the signed-token guard on the source-video endpoints (shipped in the quality-hardening wave, PR #7) in
SECURITY.md. Docs-only — no code change.Before this,
SECURITY.mddescribed the local-server model only in terms of the/api/*session token and the risk-acceptedStaticFilesmount, and said nothing about the/videoendpoints now requiring a signed request. This adds that, and sharpens the accepted-risk boundary so the reader sees exactly what is behind the token and what remains an open surface.Changes
/video(and the review server's by-filename twin) require an HMAC-SHA256stquery-parameter signature keyed by the session token, because a<video src>element cannot carry a header; an unsigned GET is rejected with403. Notes that analyze signs URLs at render time while review signs at serve time, keeping the on-disk report token-free and shareable./api/*routes and the video endpoints sit behind the session token; theStaticFilesmount at/remains deliberately un-guarded (unchanged risk acceptance).Verification
screenscribe/server_security.py(video_access_token/_video_query_token_ok) and the/videohandlers inanalyze_server.py/review_server.py.SECURITY.md); leak/brand scan clean.🤖 Generated with Claude Code