Compare commits

...

2 Commits

Author SHA1 Message Date
posimai 8a2a89b330 feat(security): add vercel.json with security headers and sw.js cache control
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-17 19:00:53 +09:00
posimai 0df7434be4 fix(security): add noreferrer to all target=_blank links, add manifest id
Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-04-17 18:43:59 +09:00
2 changed files with 36 additions and 2 deletions

View File

@ -715,7 +715,7 @@
</button> </button>
<div class="header-dot" aria-hidden="true"></div> <div class="header-dot" aria-hidden="true"></div>
<span class="header-title" id="headerTitle">Board</span> <span class="header-title" id="headerTitle">Board</span>
<a id="headerAppLink" href="#" target="_blank" rel="noopener" style="display:none;font-size:11px;color:var(--text3);text-decoration:none;margin-left:6px;" onmouseover="this.style.color='var(--accent)'" onmouseout="this.style.color='var(--text3)'"></a> <a id="headerAppLink" href="#" target="_blank" rel="noopener noreferrer" style="display:none;font-size:11px;color:var(--text3);text-decoration:none;margin-left:6px;" onmouseover="this.style.color='var(--accent)'" onmouseout="this.style.color='var(--text3)'"></a>
</div> </div>
<button class="icon-btn" id="addHeaderBtn" aria-label="タスクを追加"> <button class="icon-btn" id="addHeaderBtn" aria-label="タスクを追加">
<i data-lucide="plus" style="width:18px;height:18px;stroke-width:2"></i> <i data-lucide="plus" style="width:18px;height:18px;stroke-width:2"></i>
@ -1073,7 +1073,7 @@ function boardCard(t, showApp = true) {
const note = (t.status === 'hold' && t.note) const note = (t.status === 'hold' && t.note)
? `<div class="task-hold-note">${esc(t.note)}</div>` : ''; ? `<div class="task-hold-note">${esc(t.note)}</div>` : '';
const commit = t.commit const commit = t.commit
? `<a class="task-commit" href="https://github.com/posimai/${t.appId}/commit/${t.commit}" target="_blank" rel="noopener">${t.commit.slice(0,7)}</a>` : ''; ? `<a class="task-commit" href="https://github.com/posimai/${t.appId}/commit/${t.commit}" target="_blank" rel="noopener noreferrer">${t.commit.slice(0,7)}</a>` : '';
const date = (done && t.done_at) ? `<span class="task-date">${t.done_at}</span>` : ''; const date = (done && t.done_at) ? `<span class="task-date">${t.done_at}</span>` : '';
const appChip = showApp ? `<div class="task-app-chip">${shortName(t.appId)}</div>` : ''; const appChip = showApp ? `<div class="task-app-chip">${shortName(t.appId)}</div>` : '';
return `<div class="task-card${done?' task-done':''}" data-id="${t.id}" data-app="${t.appId}" draggable="true" role="button" tabindex="0"> return `<div class="task-card${done?' task-done':''}" data-id="${t.id}" data-app="${t.appId}" draggable="true" role="button" tabindex="0">

34
vercel.json Normal file
View File

@ -0,0 +1,34 @@
{
"headers": [
{
"source": "/sw.js",
"headers": [
{
"key": "Cache-Control",
"value": "public, max-age=0, must-revalidate"
}
]
},
{
"source": "/(.*)",
"headers": [
{
"key": "X-Content-Type-Options",
"value": "nosniff"
},
{
"key": "X-Frame-Options",
"value": "DENY"
},
{
"key": "X-XSS-Protection",
"value": "1; mode=block"
},
{
"key": "Referrer-Policy",
"value": "strict-origin-when-cross-origin"
}
]
}
]
}