00:08:35 it doesnt seem to like the FOSSness of the * , but tor is working now
00:16:11 ive lifted a csp from (under 'to tighten further..' https://cheatsheetseries.owasp.org/cheatsheets/Content_Security_Policy_Cheat_Sheet.html
00:18:17 which gives an A+ 🤷
00:27:04 and breaks the site, oops
00:29:01 too aggressive , ill leave it up for redsh4de to take a look at the browser console errors , otherwise have to revert to something else
01:58:37 <321bob321:monero.social> Which proxy is it ?
01:58:42 <321bob321:monero.social> Caddy ?
06:43:59 good call, forgor about this: will add today
06:44:21 will investigate
08:32:42 pushed changes that resolve most of the csp issues, but update the headers to also include `media-src self blob: data:;` to allow loading local media content, and `font-src self data:;` to allow loading of the local fonts
08:45:00 Apply this CSP and it will work fine:
```
"default-src 'none'; script-src 'none'; connect-src 'self'; img-src 'self' data:; media-src 'self'; font-src 'self' data:; style-src 'self' 'unsafe-inline'; frame-ancestors 'self'; form-action 'self'",
```
10:46:59 'unsafe-inline' for style-src is pretty much required for the icons to work as dynamically as they do
10:50:23 thanks, added it and pointed to your repo https://beta.monerodevs.org/
10:50:46 onion link in the headers
10:52:24 And we still have an A+ :D
10:52:25 https://securityheaders.com/?q=+https%3A%2F%2Fbeta.monerodevs.org%2F&followRedirects=on
11:03:50 Dan proxy : its..... im sorry its nginx , the built in coolify option + Nixpacks (rather than a Dockerfile like monero-docs)
11:35:39 cool
11:36:11 but you will have to re-run these tests for also the server hosting the website which will be getmonero.org
11:39:56 https://internet.nl/site/beta.monerodevs.org/3545181
12:28:33 security.txt .. interesting
12:30:13 lets see if they accept a redirect @ beta.monerodevs.org/.well-known/security.txt
12:31:25 It says redirects are ok
12:31:59 ive put an example contact email there
12:32:58 signed too because we are crypto peoples
12:33:38 the scan site may take time to load or the format is wrong : i created using https://securitytxt.org/
12:34:56 same for ipv6.. added a record for it but not appearing in dig yet
12:37:09 bumped to 92 . adding ipv6 complains about https... will check soon, no idea
13:07:43 rando: magnet link uses an avif icon now, and the download dropdowns have been made prettier + more consistent with the rest of the page now
13:08:02 https://matrix.monero.social/_matrix/media/v1/download/matrix.org/mpYNhcohycprYrPbFgqLWeSP
13:47:44 menu localizable?
13:47:52 platforms menu localizable?
13:51:24 rando 100% now but its ignoring the security.txt :(
13:51:56 nice
13:52:17 ignore, i added en,Esperanto which is wrong in languages
13:52:26 should be en, eo
13:52:52 thanks
13:53:28 not yet, i'll localize non-brand words like installer, tarball, etc
13:54:29 I put up security.txt on the github repo itself just now, so that the scanner does not complain about the mismatch of canonical and the gist source
13:57:14 🙏
14:06:28 redsh4de external link icons reverted to LTR?
14:06:40 https://getmonero-redesign-impl.vercel.app/ar/downloads/
14:07:24 all icons too
14:07:30 in RTL
14:12:17 good eye, fixing
14:17:29 pushed just now, with localization for download dropdown
14:17:41 the vercel link will update quicker
14:18:19 https://www.getmonero.org/404 Diego Salazar any ideas for 404 page for new redesign? I like the simplicity and tongue of cheek descn
14:18:51 https://www.getmonero.org/404 Diego Salazar any ideas for 404 page for new redesign? I like the simplicity and tongue of cheek desc of current one
14:25:47 https://matrix.monero.social/_matrix/media/v1/download/matrix.org/OpSCILTDfXWotmKPAUtORVKU
14:26:01 I was thinking of making this optionally localizable
14:26:34 https://matrix.monero.social/_matrix/media/v1/download/matrix.org/TVFtZvzFOLBKvVrXlXoImsPV
14:26:39 would look like this for arabic
14:26:47 https://www.omniglot.com/language/numerals.htm
14:34:02 can do :D
14:40:07 just add t(), as if we did by default, some will want to even use the "universal" numerals 123...
14:40:38 just add t(), as if we did localize them by default for each locale, some will want to even use the "universal" numerals 123... for their locale with their own numerals.
14:43:35 Won't even need t here, have something simpler in mind
14:58:44
```ts
export const localizeNumber = (
  number: number,
  locale: keyof typeof locales,
  minimumIntegerDigits: number = 1,
): string => {
  // `locales` is not defined in this snippet; it maps a locale key to the
  // locale string passed to toLocaleString.
  const localeString = locales[locale];
  // Render the number with the locale's own numerals, zero-padded to
  // minimumIntegerDigits, without grouping separators.
  return number.toLocaleString(localeString, {
    minimumIntegerDigits: minimumIntegerDigits,
    useGrouping: false,
  });
};
```
15:04:57 live on page rando : https://getmonero-redesign-impl.vercel.app/ar
15:11:19 http://beta.monerodevs.org/.well-known/security.txt LMAO [@321bob321:monero.social](https://matrix.to/#/@321bob321:monero.social)
18:44:32 <321bob321:monero.social> Need robot.txt too ?
18:49:41 Did you see the contact details [@321bob321:monero.social](https://matrix.to/#/@321bob321:monero.social)
18:50:43 <321bob321:monero.social> Yeah
18:59:05 At least we know that is account is used
18:59:32 <321bob321:monero.social> Always monitored
19:01:34 <321bob321:monero.social> For 404 page should have something like “oops boating accident be back soon”