neuron-technologies/neuron-web
2
0
Fork 0
Code Issues 1 Pull Requests Actions Packages Projects Releases Wiki Activity
90 Commits 40 Branches 0 Tags
fix/pentest-security-hardening
T
Clone
Open with VS Code Open with VSCodium Open with Intellij IDEA
Download ZIP Download TAR.GZ Download BUNDLE
will.anderson 8d741fac20 Fix pentest security findings 
- Turnstile server-side verification: reject requests with no cf_token;
  read secret from TURNSTILE_SECRET_KEY env (no longer hardcoded); fix
  siteverify URL from v0 to v1
- Security headers: wrap all responses via http_response() with HSTS,
  X-Content-Type-Options, X-Frame-Options, Referrer-Policy,
  Permissions-Policy, and Content-Security-Policy
- GCS error info leak: guard /share/<id> response — only return content
  that starts with '<' (valid HTML); GCS error JSON is silently 404d
- robots.txt: remove Sitemap reference to sitemap.xml that returns 404
- SRI hash: add integrity + crossorigin attributes to marked.min.js CDN tag
- Attestations bucket: write /api/attest records to GCS_ATTEST_BUCKET
  (dedicated private bucket) instead of the share bucket; falls back to
  GCS_SHARE_BUCKET if GCS_ATTEST_BUCKET is not set (legacy deploys)
2026-05-06 20:58:29 -05:00
.gitea/workflows
ci: fix EL_HOME to use lang/ subdirectory for El repo clone
2026-05-05 11:01:47 +00:00
bin
Add El source files for all client-side JS
2026-05-04 11:23:21 -05:00
build
Add marketplace section, OAuth checkout, social icons, 35% efficiency claim, preorder CTAs, enterprise Q1 2027, founding member limits, paragraph spacing in demo chat, no em dashes
2026-05-01 09:20:45 -05:00
dist
soul-demo.c: ship the history-aware Claude call source
2026-05-02 13:21:31 -05:00
migrations
security: replace denylist sanitize_share_html with allowlist el_html_sanitize
2026-05-02 12:56:33 -05:00
runtime
ci: add gitflow — dev/stage/main branches with CI workflows
2026-05-03 11:28:43 -05:00
scripts
Add El source files for all client-side JS
2026-05-04 11:23:21 -05:00
src
Fix pentest security findings
2026-05-06 20:58:29 -05:00
.gitignore
Ignore all emitted HTML files via wildcard
2026-05-05 03:52:56 -05:00
build-stage.sh
Add El source files for all client-side JS
2026-05-04 11:23:21 -05:00
build.sh
Add marketplace section, OAuth checkout, social icons, 35% efficiency claim, preorder CTAs, enterprise Q1 2027, founding member limits, paragraph spacing in demo chat, no em dashes
2026-05-01 09:20:45 -05:00
Dockerfile
Add marketplace section, OAuth checkout, social icons, 35% efficiency claim, preorder CTAs, enterprise Q1 2027, founding member limits, paragraph spacing in demo chat, no em dashes
2026-05-01 09:20:45 -05:00
Dockerfile.stage
Add El source files for all client-side JS
2026-05-04 11:23:21 -05:00
manifest.el
Rewrite landing to El component architecture
2026-04-29 16:21:08 -05:00
server.c
Add marketplace section, OAuth checkout, social icons, 35% efficiency claim, preorder CTAs, enterprise Q1 2027, founding member limits, paragraph spacing in demo chat, no em dashes
2026-05-01 09:20:45 -05:00
server.el
Add marketplace section, OAuth checkout, social icons, 35% efficiency claim, preorder CTAs, enterprise Q1 2027, founding member limits, paragraph spacing in demo chat, no em dashes
2026-05-01 09:20:45 -05:00
S
Description
Neuron marketing site - El-native server
9.7 MiB
Languages
Emacs Lisp 47.1%
C 34.7%
HTML 7.5%
TypeScript 5.4%
JavaScript 2.4%
Other 2.9%