iven 32c9f93a7b feat(security): enforce WSS for non-localhost connections ...

- Add SecurityError class for clear error handling
- Add validateWebSocketSecurity function
- Block ws:// connections to non-localhost hosts
- Add unit tests for security validation logic

Security: Prevents man-in-the-middle attacks on remote connections
by requiring WSS protocol for all non-localhost WebSocket connections.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>

2026-03-21 17:27:56 +08:00

6.0 KiB

Raw Permalink Blame History

View Raw