security

Posts tagged security

• 
  Tech Apr 29, 2026

  Astro client islands under a strict CSP — pinning the hydration inlines by sha256 hash

  Why react islands with `client:load` silently fail under `script-src 'self'`, how I allowed the two deterministic Astro hydration inlines via hash, and how to refresh the hashes after Astro updates.

• L
  Tech Apr 24, 2026

  Leaflet + Stadia Maps behind a strict CSP: two gotchas

  Wiring up a photo world map with Leaflet and Stadia Maps tiles on an Astro site behind Caddy — and why it didn't work in production despite a correct CSP.

• S
  Tech Apr 22, 2026

  Security headers for an Astro site behind Caddy

  How I hardened my site with a strict Content Security Policy, clean response headers, and a GDPR-compliant configuration — and solved the Astro inline-script gotcha along the way.