bztmon-site

jwright/bztmon-site

Fork 0

Commit Graph

Author	SHA1	Message	Date
jwright	c1db5cec86	M4: security pass — strict CSP, header split, build-time scan All JS moved to external /site.js → script-src 'self' with no inline JS, hashes or eval. Full header set via nginx (CSP, nosniff, frame-deny, referrer, permissions, COOP/CORP); HSTS stays at the CF edge. Shared headers include avoids the location add_header reset footgun. Build-time secret/inline-script/third-party scan gate. SECURITY.md documents posture.	2026-06-17 17:12:57 +10:00
jwright	2d4b6ea097	Initial portfolio site: Astro + Tailwind MVP Outcome-led hero, about, grouped skills, experience summary, featured projects + /projects index, static contact, SEO/OG, dark/light theme. Dockerfile + nginx config + build script for homelab deploy.	2026-06-17 16:22:53 +10:00

Author

SHA1

Message

Date

jwright

c1db5cec86

M4: security pass — strict CSP, header split, build-time scan

All JS moved to external /site.js → script-src 'self' with no inline JS,
hashes or eval. Full header set via nginx (CSP, nosniff, frame-deny,
referrer, permissions, COOP/CORP); HSTS stays at the CF edge. Shared
headers include avoids the location add_header reset footgun. Build-time
secret/inline-script/third-party scan gate. SECURITY.md documents posture.

2026-06-17 17:12:57 +10:00

jwright

2d4b6ea097

Initial portfolio site: Astro + Tailwind MVP

Outcome-led hero, about, grouped skills, experience summary, featured
projects + /projects index, static contact, SEO/OG, dark/light theme.
Dockerfile + nginx config + build script for homelab deploy.

2026-06-17 16:22:53 +10:00

2 Commits