docs: Content updates.

.vscode/settings.json

@@ -12,5 +12,6 @@
     "editor.defaultFormatter": "esbenp.prettier-vscode"
   },
   "prettier.enable": true,
-  "prettier.useEditorConfig": true
+  "prettier.useEditorConfig": true,
+  "sarif-viewer.connectToGithubCodeScanning": "off",
 }

Makefile

@@ -218,6 +218,7 @@ build:
 ## serve: [website] Perform a development build of the website, and run a local web server.
 serve:
 	HUGO_ENV=development hugo serve \
+		--baseURL=http://devsec.local \
 		--buildDrafts \
 		--cleanDestinationDir \
 		--disableFastRender \
@@ -231,6 +232,7 @@ serve:
 		--templateMetricsHints \
 		--watch \
 	;
+#		--appendPort=false \
 
 # Implement make test
 

config/_default/server.toml

@@ -3,14 +3,9 @@
 [[headers]]
 for = '/**'
   [headers.values]
-  #   Content-Security-Policy = 'script-src localhost:1313'
-  Referrer-Policy        = 'strict-origin-when-cross-origin'
-  X-Content-Type-Options = 'nosniff'
-  X-Frame-Options        = 'DENY'
-  X-XSS-Protection       = '1; mode=block'
-
-  # [[redirects]]
-  # force = false
-  # from   = '/myspa/**'
-  # to     = '/myspa/'
-  # status = 200
+  Access-Control-Allow-Origin = "*"
+  # Content-Security-Policy     = 'script-src localhost:1313 devsec.local devsec.local:1313; style-src localhost:1313 devsec.local devsec.local:1313'
+  Referrer-Policy             = 'strict-origin-when-cross-origin'
+  X-Content-Type-Options      = 'nosniff'
+  X-Frame-Options             = 'DENY'
+  X-XSS-Protection            = '1; mode=block'

config/development/hugo.toml

@@ -1,4 +1,4 @@
-baseURL = "http://localhost:1313"
+baseURL = "http://devsec.local"
 
 [params]
-apiHostname = "http://127.0.0.1:8080"
+apiHostname = "http://api.devsec.local"

content/learning/http-version.md

@@ -6,13 +6,13 @@ layout: learn-single
 good_better_best:
   1good:
     title: OK
-    description: '<span class="ui-badge-success-wrap">HTTP/1.1</span>'
+    description: '<span class="ui-badge-wrap ui-badge-success-wrap">HTTP/1.1</span>'
   2better:
     title: Better
-    description: '<span class="ui-badge-success-wrap">HTTP/1.1</span> + <span class="ui-badge-tip-wrap">HTTP/2</span>'
+    description: '<span class="ui-badge-wrap ui-badge-success-wrap">HTTP/1.1</span> + <span class="ui-badge-wrap ui-badge-tip-wrap">HTTP/2</span>'
   3best:
     title: Best
-    description: '<span class="ui-badge-success-wrap">HTTP/1.1</span> + <span class="ui-badge-tip-wrap">HTTP/2</span> + <span class="ui-badge-indigo-wrap">HTTP/3</span>'
+    description: '<span class="ui-badge-wrap ui-badge-success-wrap">HTTP/1.1</span> + <span class="ui-badge-wrap ui-badge-tip-wrap">HTTP/2</span> + <span class="ui-badge-wrap ui-badge-indigo-wrap">HTTP/3</span>'
 
 docs:
   aws:

content/learning/recommended-cipher-suites.md

@@ -10,19 +10,19 @@ In {{% year %}}, there are only two configurations which are considered fully se
 
 ## TLS versions
 
-* <span class="ui-badge-success-wrap">{{< svg-check >}} TLS 1.3</span>+ <span class="ui-badge-success-wrap">{{< svg-check >}} TLS 1.2</span>
+* <span class="ui-badge-wrap ui-badge-success-wrap">{{< svg-check >}} TLS 1.3</span>+ <span class="ui-badge-wrap ui-badge-success-wrap">{{< svg-check >}} TLS 1.2</span>
 
-* <span class="ui-badge-error-wrap">{{< svg-x >}} TLS 1.1</span>, <span class="ui-badge-error-wrap">{{< svg-x >}} TLS 1.0</span>, <span class="ui-badge-error-wrap">{{< svg-x >}} SSLv3</span>, and <span class="ui-badge-error-wrap">{{< svg-x >}} SSLv2</span>
+* <span class="ui-badge-wrap ui-badge-error-wrap">{{< svg-x >}} TLS 1.1</span>, <span class="ui-badge-wrap ui-badge-error-wrap">{{< svg-x >}} TLS 1.0</span>, <span class="ui-badge-wrap ui-badge-error-wrap">{{< svg-x >}} SSLv3</span>, and <span class="ui-badge-wrap ui-badge-error-wrap">{{< svg-x >}} SSLv2</span>
 
 ## TLS 1.3 cipher suites
 
 In order to simplify configuration and increase security, [TLS 1.3] _only defines_ three cipher suites which are meant to be non-configurable.
 
-1. <span class="ui-badge-success-wrap">{{< svg-check >}} TLS_AES_128_GCM_SHA256</span>
+1. <span class="ui-badge-wrap ui-badge-success-wrap">{{< svg-check >}} TLS_AES_128_GCM_SHA256</span>
 
-1. <span class="ui-badge-success-wrap">{{< svg-check >}} TLS_AES_256_GCM_SHA384</span>
+1. <span class="ui-badge-wrap ui-badge-success-wrap">{{< svg-check >}} TLS_AES_256_GCM_SHA384</span>
 
-1. <span class="ui-badge-success-wrap">{{< svg-check >}} TLS_CHACHA20_POLY1305_SHA256</span>
+1. <span class="ui-badge-wrap ui-badge-success-wrap">{{< svg-check >}} TLS_CHACHA20_POLY1305_SHA256</span>
 
 ## TLS 1.2 cipher suites with _Forward Secrecy_
 
@@ -32,23 +32,23 @@ In order to simplify configuration and increase security, [TLS 1.3] _only define
 
 As a result, these are the only cipher suites with no known vulnerabilities left, and are likely to work with most server software.
 
-1. <span class="ui-badge-success-wrap">{{< svg-check >}} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
+1. <span class="ui-badge-wrap ui-badge-success-wrap">{{< svg-check >}} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256</span>
 
-1. <span class="ui-badge-success-wrap">{{< svg-check >}} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
+1. <span class="ui-badge-wrap ui-badge-success-wrap">{{< svg-check >}} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384</span>
 
-1. <span class="ui-badge-success-wrap">{{< svg-check >}} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
+1. <span class="ui-badge-wrap ui-badge-success-wrap">{{< svg-check >}} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256</span>
 
-These are equivalent to the cipher suite identifiers used in **TLS 1.3**. The only difference being that they specify the key exchange (`ECDHE`) and the authenticating signing mechanism (`ECDSA`), whereas the TLS 1.3 cipher suites do not.
+These are equivalent to the cipher suite identifiers used in **TLS 1.3**. The only difference being that they specify the key exchange (`ECDHE`) and the authentication signing mechanism (`ECDSA`), whereas the TLS 1.3 cipher suites do not.
 
 ### Tolerable
 
 The following cipher suites are **also secure**, and you can add them **in addition to** the _Recommended_ cipher suites. However they aren't **recommended** because _RSA Authentication Signing_ with keys over 2048 bits can have a notable impact to performance.
 
-1. <span class="ui-badge-success-wrap">{{< svg-check >}} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
+1. <span class="ui-badge-wrap ui-badge-success-wrap">{{< svg-check >}} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256</span>
 
-1. <span class="ui-badge-success-wrap">{{< svg-check >}} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
+1. <span class="ui-badge-wrap ui-badge-success-wrap">{{< svg-check >}} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384</span>
 
-1. <span class="ui-badge-success-wrap">{{< svg-check >}} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
+1. <span class="ui-badge-wrap ui-badge-success-wrap">{{< svg-check >}} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256</span>
 
 [TLS 1.2]: https://datatracker.ietf.org/doc/html/rfc5246
 [TLS 1.3]: https://datatracker.ietf.org/doc/html/rfc8446

content/learning/tls/_index.md

@@ -6,13 +6,13 @@ layout: list
 good_better_best:
   1abysmal:
     title: Not secure at all
-    description: '<span class="ui-badge-error-wrap">SSLv2</span> <span class="ui-badge-error-wrap">SSLv3</span>'
+    description: '<span class="ui-badge-wrap ui-badge-error-wrap">SSLv2</span> <span class="ui-badge-wrap ui-badge-error-wrap">SSLv3</span>'
   2better:
     title: Security broken
-    description: '<span class="ui-badge-error-wrap">TLS 1.0</span> <span class="ui-badge-error-wrap">TLS 1.1</span>'
+    description: '<span class="ui-badge-wrap ui-badge-error-wrap">TLS 1.0</span> <span class="ui-badge-wrap ui-badge-error-wrap">TLS 1.1</span>'
   3best:
     title: Safe and secure
-    description: '<span class="ui-badge-success-wrap">TLS 1.2</span>+ <span class="ui-badge-success-wrap">TLS 1.3</span>'
+    description: '<span class="ui-badge-wrap ui-badge-success-wrap">TLS 1.2</span>+ <span class="ui-badge-wrap ui-badge-success-wrap">TLS 1.3</span>'
 
 ---