Enhance development and production scripts in package.json and update README for CSP testing

- Added new npm scripts for production testing with Content Security Policy: `dev:prod` and `preview:prod`.
- Updated README.md to include detailed instructions for development, production testing, and a pre-deployment checklist to ensure security settings are verified before deployment.
2025-11-06 12:54:47 +01:00
parent 993d16d920
commit db6270438f
5 changed files with 449 additions and 2 deletions

@@ -103,4 +103,75 @@ GITEA_TOKEN=
# AI (optional)
GEMINI_API_KEY=
```
# Security - Content Security Policy
# Set to 1 to enable CSP (use for production testing)
# ENABLE_SSR_CSP=1
```
---
## 🚀 Development & Testing
### Quick Start
```bash
# Install dependencies
npm install
# Start development server (fast, no CSP)
npm run dev
# Visit http://localhost:4321
```
### **⚠️ IMPORTANT: Pre-Deployment Testing**
**Always test with production security settings before deploying:**
```bash
# Test with CSP enabled (matches production)
npm run dev:prod
```
This will:
- Build the production bundle
- Run with `server.js` (same as Docker)
- Enable Content Security Policy (`ENABLE_SSR_CSP=1`)
- Help you catch security/CSP issues before deployment
### Available Commands
| Command | Description |
|---------|-------------|
| `npm run dev` | Development server (Astro dev, no CSP) |
| `npm run dev:prod` | **Production testing with CSP** ⚠️ Use before deploying! |
| `npm run build` | Build for production |
| `npm run preview:prod` | Preview built site with CSP enabled |
| `npm run start` | Start production server |
| `npm run check` | Run linting & type checking |
### 📋 Pre-Deployment Checklist
See [TESTING.md](./TESTING.md) for the complete testing guide and checklist.
**Quick checks:**
- [ ] Run `npm run dev:prod` locally
- [ ] Test mobile menu, language selector, theme switcher
- [ ] Check browser console for CSP violations
- [ ] Run `npm run check` for linting errors
---
## 🐳 Docker Deployment
The production environment runs in Docker with CSP enabled:
```bash
# Build and run with Docker Compose
docker-compose up -d
# View logs
docker-compose logs -f web
```
Environment variables are set in `docker-compose.yml` and `.env`.
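Review bot: The env example at the top of this hunk adds `ENABLE_SSR_CSP=1` commented out, so CSP is opt-in, while the Docker section says production runs with CSP enabled and only states that variables are set in `docker-compose.yml` and `.env`, without saying which of the two sets this one. Going by the "Set to 1 to enable CSP" comment, a deployment whose `.env` was copied from this example and whose compose file does not set the variable would run without the policy. Suggest naming the file that sets `ENABLE_SSR_CSP=1` for production in the Docker section, or stating next to the example that the line must be uncommented for production. The quick check "Check browser console for CSP violations" is also manual and only as good as the pages someone remembers to open; tying it to the three UI items listed above it (mobile menu, language selector, theme switcher) as the minimum set to exercise under `npm run dev:prod` would make it repeatable.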