Optimizations and Security #385

Open: wants to merge 5 commits into base: main

PraneyaKumar
Contributor

This PR improves site performance and security by optimizing assets and implementing best practices:

Fixes #251

Optimized Asset Loading:

  • Minified bootstrap.css, bootstrap-responsive.css, and swc.css, reducing their total size.
  • This helps reduce page load times, improves performance, and decreases bandwidth usage for users.

Deferred JavaScript parsing:

  • Some JavaScript files were blocking the initial page load.
  • Deferred scripts so that they load only after the HTML is parsed, improving First Contentful Paint (FCP) and page responsiveness.

Implemented Content Security Policy (CSP):

  • Added CSP headers in _config.yml to restrict resource loading and mitigate security risks (e.g., XSS attacks).
  • This ensures that scripts and styles only load from trusted sources, improving security.

Enabled Caching for Faster Page Loads:

  • Integrated jekyll-include-cache, which caches expensive Liquid includes (like navigation and footers).
  • This reduces Jekyll’s build time and speeds up page rendering.

Improved Accessibility:

  • Added a lang attribute to the HTML root (<html lang="en">), which helps screen readers and improves SEO.

@nabobalis nabobalis mentioned this pull request Mar 17, 2025
@dpshelio
Member

dpshelio commented Mar 18, 2025

Thanks for your contributions, some suggestions below.

  • I'd prefer independent changes on independent PRs.
  • I don't like the CSS being minified when it has already departed from sass, making it harder to modify them in the future.
  • Can you explain the security dangers of a static site like this one?
  • Does the cache plugin work on GH Pages?

It's a good practice to create an issue before contributing with a PR, so that we can discuss the need or the approach of these issues. In this case an issue was already created, writing there before with your approach is appreciated.

@PraneyaKumar
Contributor Author

> Thanks for your contributions, some suggestions below.
>
>   • I'd prefer independent changes on independent PRs.
>   • I don't like the CSS being minified when it has already departed from sass, making it harder to modify them in the future.
>   • Can you explain the security dangers of a static site like this one?
>   • Does the cache plugin work on GH Pages?
>
> It's a good practice to create an issue before contributing with a PR, so that we can discuss the need or the approach of these issues. In this case an issue was already created, writing there before with your approach is appreciated.

Thanks for the feedback! I appreciate the detailed review and will make the necessary changes.

  • I understand your concern about maintainability. Since the project has moved away from Sass, keeping the CSS readable is important.

  • While static sites are generally more secure than dynamic ones, they can still be vulnerable to:

    • XSS (Cross-Site Scripting): If user-generated content is included (even indirectly), an attacker could inject scripts.
    • Content Injection: If an attacker compromises dependencies (e.g., external scripts), they could modify content.
    • Clickjacking: If the site is embedded in an iframe, users might interact with unintended UI elements.

    The CSP implementation was aimed at reducing these risks by enforcing strict loading rules.

  • Does jekyll-include-cache Work on GitHub Pages?

    • GitHub Pages has limited support for plugins, and jekyll-include-cache is not included in the supported list.

Creating an Issue Before a PR

In the future, I'll first open an issue to discuss the approach before submitting a PR. Thanks for pointing this out!
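
An added example, not part of the PR or the project's code: a small auditor that checks a CSP string against the three risks listed in the reply above (XSS, injected third-party content, clickjacking). The function names `parseCsp` and `auditCsp` and both sample policies are constructed for illustration; the policy from the PR is not shown on this page.

```javascript
// Added example. parseCsp/auditCsp and both sample policies are constructed
// for illustration; the policy from the PR is not reproduced on this page.
function parseCsp(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const tokens = part.trim().split(/\s+/).filter(Boolean);
    if (tokens.length === 0) continue;
    const name = tokens[0].toLowerCase();
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (!directives.has(name)) directives.set(name, tokens.slice(1));
  }
  return directives;
}

function auditCsp(policy, { viaMeta = false } = {}) {
  const d = parseCsp(policy);
  const findings = [];
  // script-src falls back to default-src when it is absent.
  const raw = d.get('script-src') || d.get('default-src');
  if (!raw) {
    findings.push('xss: no script-src or default-src, scripts are unrestricted');
  } else {
    const src = raw.map((s) => s.toLowerCase());
    const hasNonceOrHash = src.some((s) => /^'(nonce|sha256|sha384|sha512)-/.test(s));
    // Browsers ignore 'unsafe-inline' once a nonce or hash is present.
    if (src.includes("'unsafe-inline'") && !hasNonceOrHash)
      findings.push("xss: 'unsafe-inline' lets injected inline scripts run");
    if (src.includes("'unsafe-eval'"))
      findings.push("xss: 'unsafe-eval' permits string-to-code execution");
    // Scheme-only or wildcard sources accept scripts from any host.
    const anyHost = src.some((s) => ['*', 'http:', 'https:', 'data:'].includes(s));
    if (anyHost && !src.includes("'strict-dynamic'"))
      findings.push('injection: script sources are not limited to named hosts');
  }
  // frame-ancestors never falls back to default-src, and browsers ignore it
  // when the policy arrives in a <meta> tag instead of a response header.
  if (!d.has('frame-ancestors'))
    findings.push('clickjacking: no frame-ancestors directive');
  else if (viaMeta)
    findings.push('clickjacking: frame-ancestors is ignored in a <meta> policy');
  return findings;
}

// Constructed sample policies.
const WEAK = "default-src *; script-src 'self' 'unsafe-inline' https:";
const STRICT = "default-src 'self'; script-src 'self' https://cdn.example; frame-ancestors 'none'";
console.log(auditCsp(WEAK));
console.log(auditCsp(STRICT, { viaMeta: true }));
```

A host allowlist does not help when an allowed host is itself compromised; Subresource Integrity (`integrity` attributes on script tags) covers that case.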
