mirror of
https://github.com/tmdinosaurcenter/kiosk-guestbook.git
synced 2026-06-03 23:09:35 -06:00
fix: correct marquee scroll speed and add code TODOs
- Fixed scrolling marquee to use a fixed px/s speed via JS instead of a fixed duration, preventing it from speeding up as entries are added
- Added inline TODO comments throughout codebase to track known issues (rate limiting, CSRF, unbounded queries, deprecated Flask decorator, PII logging, schema versioning, Docker non-root user, etc.)
- Added todo-to-issue GitHub Action to auto-create Issues from TODOs on push to main
- Added .claude/ to .gitignore
@@ -24,5 +24,10 @@ ENV FLASK_ENV=production
|
||||
# Expose the port (Gunicorn will run on 8000)
|
||||
EXPOSE 8000
|
||||
|
||||
# TODO: No USER directive — container runs as root. Add a non-root user for security.
|
||||
# example.env has PID/GID=1000 vars suggesting this was intended. e.g.:
|
||||
# RUN useradd -u 1000 -g 1000 appuser && chown -R appuser /app /data
|
||||
# USER appuser
|
||||
|
||||
# Use the entrypoint script as the container's command
|
||||
CMD ["/entrypoint.sh"]
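Review bot: The fix suggested in the new TODO comment would fail as written on an image that has no group with GID 1000: `useradd -u 1000 -g 1000 appuser` requires the group to exist already, and nothing in the visible lines creates one, so put `groupadd -g 1000 appuser` ahead of it. The comment's "PID/GID" reads like a typo for UID/GID and should be checked against the variable names in example.env. Because the exposed port 8000 is unprivileged, nothing in this hunk needs root to bind it, so the `USER` directive could be added in this change rather than deferred to a TODO, provided `/entrypoint.sh` does not need root for its own setup.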