computer-playbook

kevinveenbirkenbach/computer-playbook

Fork 0

mirror of https://github.com/kevinveenbirkenbach/computer-playbook.git synced 2025-11-19 11:36:39 +00:00

Commit Graph

Author	SHA1	Message	Date
Kevin Veen-Birkenbach	a996e2190f	feat(logout): wire injector to web-svc-logout and add robust CORS/CSP for /logout - sys-front-inj-logout: depend on web-svc-logout (run-once guarded) and simplify task flow. - web-svc-logout: align feature flags/formatting and extend CSP: - add cdn.jsdelivr.net to connect/script/style and quote values. - Nginx: move CORS config into logout-proxy.conf.j2 with dynamic vars: - Access-Control-Allow-Origin set to canonical logout origin, - Allow-Credentials=true, - Allow-Methods=GET, OPTIONS, - basic headers list (Accept, Authorization), - cache disabled for /logout responses. - Drop obsolete CORS var passing from 01_core.yml; headers now templated at proxy layer. Prepares clean cross-origin logout orchestration from https://logout.veen.world. Refs: ChatGPT discussion – https://chatgpt.com/share/68ebb75f-0170-800f-93c5-e5cb438b8ed4	2025-10-12 16:16:47 +02:00
Kevin Veen-Birkenbach	231fd567b3	feat(frontend): rename inj roles to sys-front-, add sys-svc-cdn, cache-busting lookup Introduce sys-svc-cdn (cdn_paths/cdn_urls/cdn_dirs) and ensure CDN directories + latest symlink. Rename sys-srv-web-inj- → sys-front-inj-*; update includes/templates; serve shared/per-app CSS & JS via CDN. Add lookup_plugins/local_mtime_qs.py for mtime-based cache busting; split CSS into default.css/bootstrap.css + optional per-app style.css. CSP: use style-src-elem; drop unsafe-inline for styles. Services: fix SYS_SERVICE_ALL_ENABLED bool and controlled flush. BREAKING CHANGE: role names changed; replace includes and references accordingly. Conversation: https://chatgpt.com/share/68b55494-9ec4-800f-b559-44707029141d	2025-09-01 10:10:23 +02:00

Author

SHA1

Message

Date

Kevin Veen-Birkenbach

a996e2190f

feat(logout): wire injector to web-svc-logout and add robust CORS/CSP for /logout

- sys-front-inj-logout: depend on web-svc-logout (run-once guarded) and simplify task flow.
- web-svc-logout: align feature flags/formatting and extend CSP:
  - add cdn.jsdelivr.net to connect/script/style and quote values.
- Nginx: move CORS config into logout-proxy.conf.j2 with dynamic vars:
  - Access-Control-Allow-Origin set to canonical logout origin,
  - Allow-Credentials=true,
  - Allow-Methods=GET, OPTIONS,
  - basic headers list (Accept, Authorization),
  - cache disabled for /logout responses.
- Drop obsolete CORS var passing from 01_core.yml; headers now templated at proxy layer.

Prepares clean cross-origin logout orchestration from https://logout.veen.world.

Refs: ChatGPT discussion – https://chatgpt.com/share/68ebb75f-0170-800f-93c5-e5cb438b8ed4

2025-10-12 16:16:47 +02:00

Kevin Veen-Birkenbach

231fd567b3

feat(frontend): rename inj roles to sys-front-*, add sys-svc-cdn, cache-busting lookup

Introduce sys-svc-cdn (cdn_paths/cdn_urls/cdn_dirs) and ensure CDN directories + latest symlink.

Rename sys-srv-web-inj-* → sys-front-inj-*; update includes/templates; serve shared/per-app CSS & JS via CDN.

Add lookup_plugins/local_mtime_qs.py for mtime-based cache busting; split CSS into default.css/bootstrap.css + optional per-app style.css.

CSP: use style-src-elem; drop unsafe-inline for styles. Services: fix SYS_SERVICE_ALL_ENABLED bool and controlled flush.

BREAKING CHANGE: role names changed; replace includes and references accordingly.

Conversation: https://chatgpt.com/share/68b55494-9ec4-800f-b559-44707029141d

2025-09-01 10:10:23 +02:00

2 Commits