fixing some security issues and harderning service

app-code/api/account/update_passkey.php

@@ -3,6 +3,9 @@
 header('Content-Type: application/json');
 
 
+include "../utils/security.php";
+secure_session_start();
+require_same_origin_request();
 
 require_once 'WebAuthn.php';
 
@@ -15,7 +18,6 @@ if ($conn->connect_error) {
 }
 
 try {
-	session_start();
 	if (!isset($_SESSION["logged_in"]) || $_SESSION["logged_in"] !== true) {
     echo json_encode([
         'success' => false,
@@ -168,4 +170,3 @@ try {
     print(json_encode($return));
 }
 ?>
-