6 Commits

Author SHA1 Message Date
daniel-c-harvey ca057dc630 chore: make DeepDrftManager uncrawlable and noindex (Phase 23.3)
Static robots.txt (Disallow: /) in wwwroot + blanket noindex meta in App.razor head. No env gate — the CMS is always uncrawlable. Defense in depth per spec OQ-C1.
2026-06-23 07:23:49 -04:00
daniel-c-harvey 21b7661ca8 fix: suppress h1 focus ring caused by FocusOnNavigate in both Blazor apps 2026-06-04 18:18:23 -04:00
Daniel Harvey 95772c655e fix(manager): redirect unauth nav to login instead of 401
AddAuthBlocks installs JwtBearer as the default challenge scheme; the
authorization middleware 401s unauthenticated nav requests before the
Blazor router runs. Tokens live in localStorage and are only readable
via JS interop after the SignalR circuit is live.

- Program.cs: MapRazorComponents .AllowAnonymous() so nav reaches the
  Blazor router; API surfaces (MapAuthBlocks, MapControllers) still
  enforce JWT. Fix middleware order to UseAuthentication -> UseAntiforgery
  -> UseAuthorization per Blazor Web App template.
- App.razor: InteractiveServerRenderMode(prerender:false) on Routes and
  HeadOutlet so AuthorizeRouteView evaluates after JS interop is ready;
  extract to static field (was two inline allocations per render cycle).
- CmsLayout/Pages: drop conflicting per-component @rendermode directives
  (parent now owns the render mode).
- Routes.razor: break authenticated-but-wrong-role redirect loop; split
  NotAuthorized into unauthenticated -> RedirectToLogin and
  authenticated-wrong-role -> RedirectToAccessDenied (new component).
- Pages/Index.razor: deleted — NavigateTo('/cms') was unreachable for
  unauthenticated users and racey for authorized ones.
2026-05-24 18:29:07 -04:00
Daniel Harvey 82ff20404c fix(postmerge): guard DeepDrftMenu SSR hang, add Manager root redirect, add Manager styles link 2026-05-20 15:29:40 -04:00
Daniel Harvey 8b8796fc58 refactor(split): extract DeepDrftShared.Client RCL with shared atoms
TrackCard, TracksGallery, DDIcons, DeepDrftPalettes (Default+Cms), DeepDrftFontLinks,
and palette CSS tokens extracted. Both hosts and DeepDrftCms reference the shared RCL.
2026-05-19 17:14:23 -04:00
Daniel Harvey cd650c4365 feat(manager): stand up DeepDrftManager CMS host (Phase 1 of two-app split)
InteractiveServer only, full AuthBlocks, no WASM. Controllers scaffolded for future
CMS controller migration. CmsStealthRoutingHandler omitted by design (subdomain topology).
2026-05-19 15:25:25 -04:00