till/managarten
1
0
Fork 0
mirror of https://github.com/Memo-2023/mana-monorepo.git synced 2026-05-23 21:36:41 +02:00
Code Issues Projects Releases Packages Wiki Activity Actions 5

feat(security): add unified CSP headers to all 17 web apps

Browse source 
Create @manacore/shared-utils/security-headers with setSecurityHeaders()
utility that sets standard security headers (CSP, X-Frame-Options,
X-Content-Type-Options, Referrer-Policy, Permissions-Policy).

CSP includes stats.mana.how (Umami) and glitchtip.mana.how by default.
Each app passes its own connectSrc origins (auth URL, backend URL, etc.).

Previously only Calendar and Storage had CSP headers - now all 17 web
apps have consistent security headers via the shared utility.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Till JS 2026-03-22 18:53:40 +01:00
parent 79544160b7
commit f5ee3aae20
19 changed files with 246 additions and 58 deletions
Download patch file Download diff file Expand all files Collapse all files

3
packages/shared-utils/package.json
View file

@ -8,7 +8,8 @@
"exports": {
".": "./src/index.ts",
"./analytics": "./src/analytics.ts",
"./analytics-server": "./src/analytics-server.ts"
"./analytics-server": "./src/analytics-server.ts",
"./security-headers": "./src/security-headers.ts"
},
"scripts": {
"type-check": "tsc --noEmit",