fix(serve): error handling, CORS, body limit, CAS store reuse #136

Merged

xiaomo merged 1 commits from fix/120-serve-hardening into main

2026-05-08 15:00:33 +00:00

Author	SHA1	Message	Date
xingyue	6b1e728700	fix(serve): error handling, CORS, body limit, CAS store reuse - Global error handler (app.onError → 500 JSON) - JSON parse validation on POST routes (400) - CORS restricted to localhost origins - 1MB body size limit on POST (413) - CAS store created once per route group, not per-request - 6 new tests covering all changes Closes #120	2026-05-08 18:11:59 +08:00

Author

SHA1

Message

Date

xingyue

6b1e728700

fix(serve): error handling, CORS, body limit, CAS store reuse

- Global error handler (app.onError → 500 JSON)
- JSON parse validation on POST routes (400)
- CORS restricted to localhost origins
- 1MB body size limit on POST (413)
- CAS store created once per route group, not per-request
- 6 new tests covering all changes

Closes #120

2026-05-08 18:11:59 +08:00

fix(serve): error handling, CORS, body limit, CAS store reuse #136

1 Commits