程序员阿江(Relakkes) a5cc7ff0c1 Tighten H5 policy trusted routes
The classifier should not treat every /sdk path as trusted by pathname, because LAN-exposed servers already have a narrower local SDK trust boundary.

Constraint: Desktop local chat, Tauri WebView, loopback adapters, and local SDK routes must remain tokenless.

Rejected: Path-only /sdk trust | a non-local caller could reach the SDK route through a LAN-bound server.

Confidence: high

Scope-risk: narrow

Directive: Keep remote /sdk and hostile-origin loopback requests in the H5/browser bucket unless a dedicated SDK auth layer is verified.

Tested: bun test src/server/__tests__/h5-access-policy.test.ts
2026-05-12 14:26:00 +08:00
..
2026-04-18 20:34:56 +08:00