From 4eb6baf99f9de87d956dded432e909d7af89474b Mon Sep 17 00:00:00 2001
From: Ryan Parman
Date: Wed, 22 Jan 2025 11:24:33 -0700
Subject: [PATCH] docs: Content updates.

---
 .vscode/settings.json | 3 ++-
 Makefile | 2 ++
 config/_default/server.toml | 17 +++++-------
 config/development/hugo.toml | 4 ++--
 content/learning/http-version.md | 6 ++---
 content/learning/recommended-cipher-suites.md | 24 +++++++++----------
 content/learning/tls/_index.md | 6 ++---
 themes/dst2024 | 2 +-
 8 files changed, 31 insertions(+), 33 deletions(-)

diff --git a/.vscode/settings.json b/.vscode/settings.json
index af95173..e08f89c 100644
--- a/.vscode/settings.json
+++ b/.vscode/settings.json
@@ -12,5 +12,6 @@
 "editor.defaultFormatter": "esbenp.prettier-vscode"
 },
 "prettier.enable": true,
- "prettier.useEditorConfig": true
+ "prettier.useEditorConfig": true,
+ "sarif-viewer.connectToGithubCodeScanning": "off",
 }
diff --git a/Makefile b/Makefile
index fd5dd1c..9a41e66 100644
--- a/Makefile
+++ b/Makefile
@@ -218,6 +218,7 @@ build:
 ## serve: [website] Perform a development build of the website, and run a local web server.
 serve:
 HUGO_ENV=development hugo serve \
+ --baseURL=http://devsec.local \
 --buildDrafts \
 --cleanDestinationDir \
 --disableFastRender \
@@ -231,6 +232,7 @@ serve:
 --templateMetricsHints \
 --watch \
 ;
+# --appendPort=false \
 # Implement make test
diff --git a/config/_default/server.toml b/config/_default/server.toml
index f451475..e5465e0 100644
--- a/config/_default/server.toml
+++ b/config/_default/server.toml
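Review bot: The commented `# --appendPort=false \` in the second Makefile hunk lands after the `;` that terminates the `hugo serve` command, so un-commenting it would not attach the flag to the invocation; if it is meant as a ready toggle it belongs inside the backslash-continued argument list, for example directly below `--baseURL=http://devsec.local \`. The `--baseURL=http://devsec.local` added in the first hunk also duplicates the `baseURL` this commit sets in config/development/hugo.toml, and if Hugo gives the CLI flag precedence (as I believe it does) one of the two is dead; a one-line comment naming which is authoritative would spare the next reader the guess. The `serve` recipe starts before the first hunk, and both hunks cut through it.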
@@ -3,14 +3,9 @@
 [[headers]]
 for = '/**'
 [headers.values]
- # Content-Security-Policy = 'script-src localhost:1313'
- Referrer-Policy = 'strict-origin-when-cross-origin'
- X-Content-Type-Options = 'nosniff'
- X-Frame-Options = 'DENY'
- X-XSS-Protection = '1; mode=block'
-
- # [[redirects]]
- # force = false
- # from = '/myspa/**'
- # to = '/myspa/'
- # status = 200
+ Access-Control-Allow-Origin = "*"
+ # Content-Security-Policy = 'script-src localhost:1313 devsec.local devsec.local:1313; style-src localhost:1313 devsec.local devsec.local:1313'
+ Referrer-Policy = 'strict-origin-when-cross-origin'
+ X-Content-Type-Options = 'nosniff'
+ X-Frame-Options = 'DENY'
+ X-XSS-Protection = '1; mode=block'
diff --git a/config/development/hugo.toml b/config/development/hugo.toml
index 88954b7..9c349cb 100644
--- a/config/development/hugo.toml
+++ b/config/development/hugo.toml
@@ -1,4 +1,4 @@
-baseURL = "http://localhost:1313"
+baseURL = "http://devsec.local"
 [params]
-apiHostname = "http://127.0.0.1:8080"
+apiHostname = "http://api.devsec.local"
diff --git a/content/learning/http-version.md b/content/learning/http-version.md
index fa09075..485c0d3 100644
--- a/content/learning/http-version.md
+++ b/content/learning/http-version.md
@@ -6,13 +6,13 @@ layout: learn-single
 good_better_best:
 1good:
 title: OK
- description: 'HTTP/1.1'
+ description: 'HTTP/1.1'
 2better:
 title: Better
- description: 'HTTP/1.1 + HTTP/2'
+ description: 'HTTP/1.1 + HTTP/2'
 3best:
 title: Best
- description: 'HTTP/1.1 + HTTP/2 + HTTP/3'
+ description: 'HTTP/1.1 + HTTP/2 + HTTP/3'
 docs:
 aws:
diff --git a/content/learning/recommended-cipher-suites.md b/content/learning/recommended-cipher-suites.md
index c829e10..471088c 100644
--- a/content/learning/recommended-cipher-suites.md
+++ b/content/learning/recommended-cipher-suites.md
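Review bot: `Access-Control-Allow-Origin = "*"` is added for every path (`for = '/**'`) in the shared `_default` server config with no comment on why, directly alongside headers that otherwise tighten the site (`nosniff`, `DENY`). If it exists so that pages served from `http://devsec.local` can call the API this commit moves to `http://api.devsec.local` (config/development/hugo.toml), scoping it to that one origin and placing it in the development config next to hugo.toml keeps the default profile restrictive, and a comment such as `# Dev only: api.devsec.local is a separate origin from the site, so browser fetches need CORS` records the intent. As far as I know Hugo applies `[server]` headers only under `hugo server`, so production exposure is nil, but without the note the wildcard reads as accidental. Separately, `X-XSS-Protection = '1; mode=block'` is a legacy header that current browsers ignore and that current guidance recommends setting to `0` or dropping; it is carried over unchanged here, so worth a follow-up rather than this commit.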
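Review bot: `baseURL = "http://devsec.local"` and `apiHostname = "http://api.devsec.local"` only work once those names resolve on the developer's machine, and nothing in the commit records that prerequisite; a comment above `baseURL` such as `# devsec.local and api.devsec.local must resolve locally (hosts file or local DNS)` would turn a confusing failed `make serve` into an obvious setup step. The replaced values carried explicit ports (`:1313`, `:8080`) while the new ones do not, so the API is presumably fronted by a local reverse proxy on port 80 and the site URL relies on Hugo appending the server port; stating that in the same comment would also explain the commented-out `--appendPort=false` the Makefile hunk introduces.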
@@ -10,19 +10,19 @@ In {{% year %}}, there are only two configurations which are considered fully se
 ## TLS versions
-* {{< svg-check >}} TLS 1.3+ {{< svg-check >}} TLS 1.2
+* {{< svg-check >}} TLS 1.3+ {{< svg-check >}} TLS 1.2
-* {{< svg-x >}} TLS 1.1, {{< svg-x >}} TLS 1.0, {{< svg-x >}} SSLv3, and {{< svg-x >}} SSLv2
+* {{< svg-x >}} TLS 1.1, {{< svg-x >}} TLS 1.0, {{< svg-x >}} SSLv3, and {{< svg-x >}} SSLv2
 ## TLS 1.3 cipher suites
 In order to simplify configuration and increase security, [TLS 1.3] _only defines_ three cipher suites which are meant to be non-configurable.
-1. {{< svg-check >}} TLS_AES_128_GCM_SHA256
+1. {{< svg-check >}} TLS_AES_128_GCM_SHA256
-1. {{< svg-check >}} TLS_AES_256_GCM_SHA384
+1. {{< svg-check >}} TLS_AES_256_GCM_SHA384
-1. {{< svg-check >}} TLS_CHACHA20_POLY1305_SHA256
+1. {{< svg-check >}} TLS_CHACHA20_POLY1305_SHA256
 ## TLS 1.2 cipher suites with _Forward Secrecy_
@@ -32,23 +32,23 @@ In order to simplify configuration and increase security, [TLS 1.3] _only define
 As a result, these are the only cipher suites with no known vulnerabilities left, and are likely to work with most server software.
-1. {{< svg-check >}} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
+1. {{< svg-check >}} TLS_ECDHE_ECDSA_WITH_AES_128_GCM_SHA256
-1. {{< svg-check >}} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
+1. {{< svg-check >}} TLS_ECDHE_ECDSA_WITH_AES_256_GCM_SHA384
-1. {{< svg-check >}} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
+1. {{< svg-check >}} TLS_ECDHE_ECDSA_WITH_CHACHA20_POLY1305_SHA256
-These are equivalent to the cipher suite identifiers used in **TLS 1.3**. The only difference being that they specify the key exchange (`ECDHE`) and the authenticating signing mechanism (`ECDSA`), whereas the TLS 1.3 cipher suites do not.
+These are equivalent to the cipher suite identifiers used in **TLS 1.3**. The only difference being that they specify the key exchange (`ECDHE`) and the authentication signing mechanism (`ECDSA`), whereas the TLS 1.3 cipher suites do not.
 ### Tolerable
 The following cipher suites are **also secure**, and you can add them **in addition to** the _Recommended_ cipher suites. However they aren't **recommended** because _RSA Authentication Signing_ with keys over 2048 bits can have a notable impact to performance.
-1. {{< svg-check >}} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
+1. {{< svg-check >}} TLS_ECDHE_RSA_WITH_AES_128_GCM_SHA256
-1. {{< svg-check >}} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
+1. {{< svg-check >}} TLS_ECDHE_RSA_WITH_AES_256_GCM_SHA384
-1. {{< svg-check >}} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
+1. {{< svg-check >}} TLS_ECDHE_RSA_WITH_CHACHA20_POLY1305_SHA256
 [TLS 1.2]: https://datatracker.ietf.org/doc/html/rfc5246
 [TLS 1.3]: https://datatracker.ietf.org/doc/html/rfc8446
diff --git a/content/learning/tls/_index.md b/content/learning/tls/_index.md
index e31efba..0d6bf95 100644
--- a/content/learning/tls/_index.md
+++ b/content/learning/tls/_index.md
@@ -6,13 +6,13 @@ layout: list
 good_better_best:
 1abysmal:
 title: Not secure at all
- description: 'SSLv2 SSLv3'
+ description: 'SSLv2 SSLv3'
 2better:
 title: Security broken
- description: 'TLS 1.0 TLS 1.1'
+ description: 'TLS 1.0 TLS 1.1'
 3best:
 title: Safe and secure
- description: 'TLS 1.2+ TLS 1.3'
+ description: 'TLS 1.2+ TLS 1.3'
 ---
diff --git a/themes/dst2024 b/themes/dst2024
index d6cf6b7..c0d73a5 160000
--- a/themes/dst2024
+++ b/themes/dst2024
@@ -1 +1 @@
-Subproject commit d6cf6b7fbf825b15fd8f3dd67440c5373004b287
+Subproject commit c0d73a5b86050c98aae9e2283947b9fe9de99178