Skip to content

Security/fix webhook auth and xss#3

Merged
mpge merged 3 commits intomainfrom
security/fix-webhook-auth-and-xss
Feb 15, 2026
Merged

Security/fix webhook auth and xss#3
mpge merged 3 commits intomainfrom
security/fix-webhook-auth-and-xss

Conversation

@mpge
Copy link
Member

@mpge mpge commented Feb 15, 2026

No description provided.

mpge added 3 commits February 12, 2026 21:19
Replace hardcoded English strings across views, models, services,
templates, middleware, and management commands with Django's gettext
translation functions.

- Add .po locale files for 4 locales (en, es, fr, de)
- Update views to use _() for flash messages and error responses
- Update email templates with {% trans %} template tags
- Update notification service to use translated strings
- Update middleware and management commands with translations
- Configure Django app for locale discovery in apps.py
- Mailgun: add 5-minute timestamp freshness window for replay protection
- SES: add SNS message type validation and SigningCertURL domain check
@mpge mpge merged commit ef516b9 into main Feb 15, 2026
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

None yet

Projects

None yet

Development

Successfully merging this pull request may close these issues.

1 participant