Initial commit: Fat Kiss site — Hugo + Decap CMS
+31
@@ -0,0 +1,31 @@
# Fat Kiss Security Checklist
## Production
- [x] HTTPS enforced (Let's Encrypt via certbot)
- [x] Cloudflare proxy (orange cloud)
- [x] Apache security headers
- [x] /admin/ noindex
- [x] No secrets in frontend code
- [x] .env files gitignored
## Contact Form
- [x] Turnstile client + server verification
- [x] Rate limiting
- [x] Honeypot field
- [x] Input sanitization
- [x] Category allowlist
- [x] CORS locked
## Admin
- [x] Gitea OAuth
- [x] MFA required
- [x] No server control exposed
- [x] Media path restricted
## To Do
- [ ] Configure Gitea webhook for auto-deploy
- [ ] Set up Turnstile site key in contact form
- [ ] Configure SMTP for contact handler
- [ ] Enable MFA on Amber's Gitea account
- [ ] Add CSP header
- [ ] Regular dependency updates
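Review bot: two items are ticked in the "Admin" and "Contact Form" sections while their prerequisites are still open in "To Do": "- [x] MFA required" sits next to "- [ ] Enable MFA on Amber's Gitea account", and "- [x] Turnstile client + server verification" next to "- [ ] Set up Turnstile site key in contact form". A checklist that shows a control as done before it is actually in force defeats its purpose; either untick those two until the To Do entries close, or reword them to what is true today (for example "MFA enforced by Gitea for the admin OAuth app" as distinct from "MFA enabled on every admin account"). The same goes for "- [x] Apache security headers" with "- [ ] Add CSP header" still pending: say which headers are set so the gap is explicit. Several ticked items ("Rate limiting", "Input sanitization", "CORS locked", "Media path restricted") name no location, threshold, allowed origin or path, so nobody can verify them against the deployed config; one short qualifier each (where the limiter lives and its rate, the CORS origin, the media directory) would make this file auditable rather than a list of intentions. Finally, "Regular dependency updates" is an ongoing process rather than a one-shot task, so it fits better as a standing item with a cadence than as a To Do checkbox that will be ticked once.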