Token Management and Security Enhancements
This cluster focuses on improving token handling and security measures within the framework, particularly regarding authorization and device token priorities.
| # | Title | Author | Created | GitHub |
|---|---|---|---|---|
| 6112 | refactor: add early return for invalid Authorization headers | T1mn | 2026-02-01 | View |
| 7589 | Tests: accept browser profiles auth option | justinhuangcode | 2026-02-03 | View |
| 8779 | fix(security): use constant-time comparison for token validation | hleliofficiel | 2026-02-04 | View |
| 14197 | fix(security): harden browser API auth, token comparisons, and hook tokens | leecarollyn-gif | 2026-02-11 | View |
| 15722 | fix: prefer explicit token over stored device token for remote gateways rep | 0xPotatoofdoom | 2026-02-13 | View |
| 17279 | fix: restore device token priority over config token | MisterGuy420 | 2026-02-15 | View |
| 17336 | fix(gateway): restore device token priority over passive config token | milosm | 2026-02-15 | View |
| 17379 | fix: restore device token priority in device-auth mode | Limitless2023 | 2026-02-15 | View |
| 18933 | fix(security): use timingSafeEqual for pairing code comparison | kobepaw | 2026-02-17 | View |
| 22656 | fix(providers): increase slow_down back-off to 5 s per RFC 8628 | adhitShet | 2026-02-21 | View |