Latest posts
Posts
-
Astro client islands under a strict CSP — pinning the hydration inlines by sha256 hash
Why react islands with `client:load` silently fail under `script-src 'self'`, how I allowed the two deterministic Astro hydration inlines via hash, and how to refresh the hashes after Astro updates.
-
Astro Justified Gallery Layout — a modern replacement for the Flickr classic
My new npm package @altner/astro-justified-gallery-layout: a lean justified-layout gallery for Astro with EXIF/IPTC/GPS, LQIP previews, a virtualized variant for huge collections, and a built-in lightbox.
-
A Callout component for Astro — info boxes with socials and band members
A reusable Astro callout: info / note / warning, optional title, social links, and a members section with name, role, and multiple platforms per person.
-
Embedding Google Maps GDPR-compliant — consent box with app links
A lightweight Google Maps embed component for Astro: no request before consent, localStorage-based consent, automatic Apple Maps and Google Maps app links from GPS coordinates.
-
Embedding YouTube videos GDPR-compliant — three-tier consent box without a cookie
A lightweight YouTube embed component for Astro with real consent (once / remember / external), no cookie, and no third-party request before the click.
-
Leaflet + Stadia Maps behind a strict CSP: two gotchas
Wiring up a photo world map with Leaflet and Stadia Maps tiles on an Astro site behind Caddy — and why it didn't work in production despite a correct CSP.
-
Why Stadia Maps instead of OpenStreetMap tiles?
For the photo world map I wanted OSM data, but not a tile server overseas. Why I chose against the official OSM tile servers and in favour of Stadia Maps' EU endpoint.
-
Caching webmention avatars locally at build time
A small Astro helper that downloads webmention author photos during the build, dedupes them, and serves them locally — for a strict CSP, stronger privacy, and better availability.
-
Security headers for an Astro site behind Caddy
How I hardened my site with a strict Content Security Policy, clean response headers, and a GDPR-compliant configuration — and solved the Astro inline-script gotcha along the way.
-
Setting up a Forgejo Actions runner for self-hosted CI/CD
How I replaced manual SSH deploys with a push-to-deploy pipeline using a self-hosted Forgejo Actions runner on the same VPS.