{"id":"c0081","filename":"c0081_p2_csp_cleanup.dok.json","weise3_id":"","tip":"cc.task.done","naziv":"P2 fix: CSP kompletni header + 7-day auto-delete cron","kreator":"genesis","datum":"2026-05-07","snippet":"","status":"","prev_weise3":"","bunker_l":"#00d4ff","full":{"tip":"cc.task.done","naziv":"P2 fix: CSP kompletni header + 7-day auto-delete cron","datum":"2026-05-07","sustav":"fenix-v3 / sati.ink","commit":"61244e6","sto_napravljeno":{"csp_header":{"problem":"CSP header nedostajao — identificirano u c0077 kao P4","rijesenje":"Prosiren Django SecurityMiddleware (__init__.py) s: frame-src none; object-src none; base-uri self; form-action self; media-src self blob;","arhitekturalna_odluka":"CSP u Django middleware (ne nginx) jer je application-level policy. Nginx samo dodaje X-Content-Type-Options + Referrer-Policy.","provjera":"curl -sI https://sati.ink/ — jedan CSP header (nije duplikat)"},"cleanup_cron":{"problem":"BetaUploadEntry.expires_at polje postoji ali nema Celery Beat taska koji brise","task":"arhiva.tasks.cleanup_expired_beta_entries","schedule":"svakih 6 sati (21600s)","logika":["BetaUploadEntry.expires_at < now() -> brise original_file + DB zapis","TempArhivaEntry.created_at < now-30d -> brise original_file + DB (GDPR minimizacija)","iterator(chunk_size=200) — memory-safe za velike skupove","Non-blocking: file greske logiraju se ali ne blokiraju DB delete"],"beat_kljuc":"sati-ink-cleanup-expired","queue":"scheduled"}},"faze":[{"id":1,"naziv":"CSP prosiren u middleware","status":"DONE"},{"id":2,"naziv":"Nginx dupli CSP uklonjen","status":"DONE"},{"id":3,"naziv":"cleanup_expired_beta_entries task","status":"DONE"},{"id":4,"naziv":"Beat schedule registracija","status":"DONE"},{"id":5,"naziv":"commit + chain","status":"DONE"}]}}