flowmaster-mission-control-demo

shad/flowmaster-mission-control-demo

Fork 0

Commit Graph

Author	SHA1	Message	Date
Shad	553c681ede	build: add runtime-only Dockerfile + nginx hardening + allow dist in build context Some checks are pending build-and-publish / test (push) Waiting to run Details build-and-publish / image (push) Blocked by required conditions Details Runtime-only Dockerfile.runtime copies a pre-built dist/ into the nginx image; sidesteps the Node-on-emulation libuv crash when building on Apple Silicon for linux/amd64. nginx.conf hardened: - HSTS, X-Content-Type-Options, X-Frame-Options DENY, Referrer-Policy - Permissions-Policy locking down camera/microphone/geolocation/payment - Content-Security-Policy with strict default-src self + connect-src scoped to our backend - COOP / CORP same-origin - X-Robots-Tag noindex (not a public marketing site) - server_tokens off Confidence: high Scope-risk: narrow	2026-06-14 03:52:36 +04:00

Author

SHA1

Message

Date

Shad

553c681ede

build: add runtime-only Dockerfile + nginx hardening + allow dist in build context

build-and-publish / test (push) Waiting to run

Details

build-and-publish / image (push) Blocked by required conditions

Details

Runtime-only Dockerfile.runtime copies a pre-built dist/ into the nginx
image; sidesteps the Node-on-emulation libuv crash when building on
Apple Silicon for linux/amd64.

nginx.conf hardened:
- HSTS, X-Content-Type-Options, X-Frame-Options DENY, Referrer-Policy
- Permissions-Policy locking down camera/microphone/geolocation/payment
- Content-Security-Policy with strict default-src self + connect-src
  scoped to our backend
- COOP / CORP same-origin
- X-Robots-Tag noindex (not a public marketing site)
- server_tokens off

Confidence: high
Scope-risk: narrow

2026-06-14 03:52:36 +04:00

1 Commits