Reads version from git describe, injects into i18n.js and index.html
before minification. No manual version bumping needed.
Tag with: git tag v1.1.0
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Add --chmod=D755,F644 to rsync (HestiaCP PHP-FPM needs world-readable)
- Exclude scripts/.deploy.env from deploy (contains server credentials)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
- Content Security Policy via <meta> tag (blocks exfiltration to foreign domains)
- Subresource Integrity on all static and dynamically loaded scripts
- Nginx security headers snippet (HSTS, CSP, frame-ancestors on all responses)
- Auto-minify and SRI hash update in deploy.sh (prevents stale hashes)
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
