security

Air Gapping

Build and run your entire site without Internet access.
Unless running the Quick Install After Dark does not require an Internet connection to function. Leverage this feature in creative ways: Use Ephemeral Hosting to report news without tipping off authorities. Run your site behind a NAT or firewall blocking all outbound requests. Review the Online Help docs during a flight on Virgin Galactic. Keep a personal journal while couchsurfing through Southeast Asia. Securely generate configuration for the Web Mining add-on module.

Content Security Policy

Control resources the user agent is allowed to load.
After Dark helps you secure your site using Content Security Policy (CSP). Basic CSP is enabled by default and Advanced Configurations are also possible. Basic CSP offers minimal protection but is still helpful as it keeps resources from accidentally being loaded over http. In addition, Basic CSP automatically blocks all Flash and Silverlight objects before they have a chance to load. Basic Configuration Disable CSP site-wide add the following to your site config:

Ephemeral Hosting

Briefly expose your site to the Internet over SSH with encryption.
Using Serveo you may briefly expose your site to the Internet with end-to-end encryption, no sign-up required. Use this alongside Air Gapping to quietly poke a hole through your NAT or firewall to move information more discretely. Warning: No form of communication over the Internet is 100% secure. If you don’t trust Serveo or SSH hire a Dropgang or use the good ‘ol sneakernet. Serve and expose your site with the following command:

High Tea

Production-ready self-hosted full-stack git service.
High Tea pairs Gitea with Traefik enabling you to manage your source code online using an intuitive and sleek-looking web-based interface: Dashboard view within the High Tea Gitea application. Use it to manage organizations, create pull mirrors, selectively mark private repos, configure LFS and collaborate on code with others using git for free. High Tea also provides a Traefik integration so you can manage web services, monitor traffic and inspect service health in real-time.

Referrer Policy

Specify how much info is passed to external links.
After Dark adds a Referrer Policy to improve site security and increase visitor privacy beyond browser defaults using a simple site-wide policy. Adjust the site-wide default of same-origin from Site Configuration: [params.seo] referrer = "same-origin" Relax the security policy by: Adjusting the site-wide default; Using the referrerpolicy attribute of the External Shortcode; Using a nested browsing context to adjust contextually. See Referrer Policy on W3C for a list of possible values.

Release Hashes

Verify you are using genuine After Dark software.
After Dark utilizes the NPM CLI to produce a unique cryptographic hash each release, enabling any copy to be uniquely identified regardless of its source. Release hashes use the SHA-512 algorithm and look like this: VWcn7AxXUkZRGsRIM/6A5RjqW7DOPH+XbnLGRp7hpr0TCH/9l31ug2h2JaIlEvsDzOPRcZDBdyZvJ4mSm/Rqjg== Each release a new hash is generated in the following locations: Embedded using PGP in the release source git tag message. Codified into the latest or version-specific NPM package metadata. Embedded inside the After Dark Online Help documentation.