security: apply security audit improvements #395

Merged: AdamJ merged 1 commit into main from security/audit-improvements on May 27, 2026

@AdamJ (Owner) commented May 27, 2026

Summary

  • Fix missing rel="noopener noreferrer" on 4 external footer links (tabnabbing prevention)
  • Move Font Awesome registry token from CLI argument to env var (prevents potential log exposure)
  • Self-host Workbox v7.4.1 — removes CDN importScripts dependency, eliminates supply chain risk in service worker context
  • Add src/_headers with X-Frame-Options, X-Content-Type-Options, Referrer-Policy, Permissions-Policy (honored by Cloudflare Pages previews; configure matching rules in Cloudflare dashboard for live site)

Test plan

  • Verify pnpm build completes without errors
  • Confirm docs/sw.js uses /workbox-v7.4.1/workbox-sw.js (not CDN URL)
  • Confirm docs/workbox-v7.4.1/ directory present in build output
  • Check footer links open correctly in new tab
  • Verify CI build passes with updated workflow token handling

🤖 Generated with Claude Code

- Add rel="noopener noreferrer" to 4 external footer links (tabnabbing)
- Add security headers via src/_headers for Cloudflare Pages
- Move Font Awesome token from CLI arg to env var in workflow
- Self-host Workbox: replace CDN importScripts with local workbox-v7.4.1
- Add scripts/build-sw.js (workbox-build injectManifest + copyWorkboxLibraries)
- Wire build:sw into prod build pipeline after build:eleventy
- Add workbox-build@7.4.1 devDependency

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
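
The test plan's manual checks (footer `rel` attributes, no CDN `importScripts`, headers present in `_headers`) can be automated over the build output. The following is an added example, not code from this repository: the function names and sample inputs are assumptions constructed for illustration, and the regex scanning only handles quoted attribute values.

```javascript
// Static checks over build output, written as pure functions on file contents.
// Sample inputs at the bottom are constructed; they are not the repository's files.
const REQUIRED_HEADERS = ['X-Frame-Options', 'X-Content-Type-Options', 'Referrer-Policy', 'Permissions-Policy'];

// Return external <a target="_blank"> tags whose rel lacks noopener or noreferrer.
function findUnsafeBlankLinks(html) {
  const unsafe = [];
  for (const [tag] of html.matchAll(/<a\s[^>]*>/gi)) {
    const attr = (name) => {
      const m = tag.match(new RegExp(`\\s${name}\\s*=\\s*["']([^"']*)["']`, 'i'));
      return m ? m[1] : '';
    };
    if (attr('target').toLowerCase() !== '_blank') continue;
    if (!/^(https?:)?\/\//i.test(attr('href'))) continue; // same-site link, skip
    const rel = attr('rel').toLowerCase().split(/\s+/);
    if (!rel.includes('noopener') || !rel.includes('noreferrer')) unsafe.push(tag);
  }
  return unsafe;
}

// Return importScripts() URLs in a service worker that point at another origin.
function findRemoteImports(swSource) {
  const remote = [];
  for (const [, args] of swSource.matchAll(/importScripts\s*\(([^)]*)\)/g)) {
    for (const [, url] of args.matchAll(/["'`]([^"'`]+)["'`]/g)) {
      if (/^(https?:)?\/\//i.test(url)) remote.push(url);
    }
  }
  return remote;
}

// Return required header names absent from a Cloudflare Pages _headers file.
function missingHeaders(headersFile) {
  const present = new Set();
  for (const line of headersFile.split('\n')) {
    const m = line.match(/^\s+([A-Za-z-]+)\s*:/); // header lines are indented
    if (m) present.add(m[1].toLowerCase());
  }
  return REQUIRED_HEADERS.filter((h) => !present.has(h.toLowerCase()));
}

// Constructed samples: one good link, one missing rel, one internal link.
const sampleHtml = `<a href="https://example.com/a" target="_blank" rel="noopener noreferrer">ok</a>
<a href="https://example.com/b" target="_blank">missing rel</a>
<a href="/about/" target="_blank">internal</a>`;
const sampleHeaders = '/*\n  X-Frame-Options: DENY\n  X-Content-Type-Options: nosniff\n';
console.log(findUnsafeBlankLinks(sampleHtml));
console.log(findRemoteImports("importScripts('/workbox-v7.4.1/workbox-sw.js');"));
console.log(missingHeaders(sampleHeaders));
```

In CI these functions would be fed the contents of the built HTML, `docs/sw.js` and the `_headers` file, failing the job when any returned list is non-empty.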
@github-actions bot added the github-action (Items associated with GitHub Actions) and minor (Minor release tag) labels May 27, 2026
@AdamJ added the security (Pull requests that address a security vulnerability) label and removed the minor (Minor release tag) label May 27, 2026
@cloudflare-workers-and-pages

Deploying adamj-github-io with Cloudflare Pages

Latest commit: 469307d
Status: ✅  Deploy successful!
Preview URL: https://7936a7a2.adamj-github-io.pages.dev
Branch Preview URL: https://security-audit-improvements.adamj-github-io.pages.dev

@AdamJ merged commit 7db2728 into main May 27, 2026 (6 checks passed)
@AdamJ deleted the security/audit-improvements branch May 27, 2026 15:17
@github-project-automation bot moved this from Ideas to Done in Personal projects May 27, 2026
Labels

  • github-action: Items associated with GitHub Actions
  • security: Pull requests that address a security vulnerability

Projects

Status: Done
