From 2da428660adcad37010afdfe2f321c24c280decb Mon Sep 17 00:00:00 2001
From: Akshat Gupta <54343563+guptaakshat@users.noreply.github.com>
Date: Wed, 11 Mar 2026 23:47:18 +1100
Subject: [PATCH 1/2] Added descriptions for assigned birds
---
 .../HMI/ui/public/js/HMI_API_onboarding_task.json | 15 ++++++++++-----
 1 file changed, 10 insertions(+), 5 deletions(-)
diff --git a/src/Components/HMI/ui/public/js/HMI_API_onboarding_task.json b/src/Components/HMI/ui/public/js/HMI_API_onboarding_task.json
index ed575161b..ed8448479 100644
--- a/src/Components/HMI/ui/public/js/HMI_API_onboarding_task.json
+++ b/src/Components/HMI/ui/public/js/HMI_API_onboarding_task.json
@@ -256,19 +256,23 @@
 },
 {
 "Bird": "Atrapsalta encaustica",
- "description": []
+ "description": ["Atrapuslata encaustica is a bird species found in forested habitats.",
+ "It is known for its distinctive plumage and vocal communication used for territorial signaling."]
 },
 {
 "Bird": "Auscala spinosa",
- "description": []
+ "description": ["Auscala spinosa is a small bird species commonly observed in woodland and shrubland environments.",
+ "It feeds primarily on insects and small invertebrates while moving actively through vegetation."]
 },
 {
 "Bird": "Austrochaperina pluvialis",
- "description": []
+ "description": ["Austrochaperrina pluvialis is a migratory bird associated with wetland and coastal ecosystems.",
+ "It is often seen foraging in shallow water for aquatic insects and small crustaceans."]
 },
 {
 "Bird": "Austronomus australis",
- "description": []
+ "description": ["Austronomus australis is a bird species native to southern regions and open habitats.",
+ "It is known for its strong flight and social flocking behavior during feeding."]
 },
 {
 "Bird": "Aves sp.",
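Review bot: Two of the new description strings misspell the species they describe, so the text contradicts its own record: `"Atrapuslata encaustica is a bird species …"` under the key `"Atrapsalta encaustica"`, and `"Austrochaperrina pluvialis is a migratory bird …"` under `"Austrochaperina pluvialis"`; both should match the `"Bird"` key exactly, e.g. `"Atrapsalta encaustica is a bird species found in forested habitats."`. The four descriptions also read as generic filler ("distinctive plumage", "strong flight") rather than sourced facts, and to my knowledge at least Austronomus australis is a free-tailed bat and Austrochaperina pluvialis a frog rather than birds, so each entry should be checked against the project's species reference before it is shown to users. If the descriptions are generated text, a short note in the commit message saying so would help the next reviewer.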
@@ -276,7 +280,8 @@
 },
 {
 "Bird": "Aythya australis",
- "description": []
+ "description": ["Aythya australis, commonly known as the Hardhead duck, is a diving duck native to Australia.",
+ "It inhabits freshwater lakes and wetlands where it feeds on aquatic plants and invertebrates."]
 },
 {
 "Bird": "Barnardius zonarius",
From 2514092f01eb21ae2693ad0ab1137d1f4c6bd4f5 Mon Sep 17 00:00:00 2001
From: Akshat Gupta <54343563+guptaakshat@users.noreply.github.com>
Date: Sat, 18 Apr 2026 16:38:03 +1000
Subject: [PATCH 2/2] Enable Helmet and Configure CSP to allow required resources
---
 src/Components/HMI/ui/server.js | 96 ++++++++++++++++++++++++++++++++-
 1 file changed, 94 insertions(+), 2 deletions(-)
diff --git a/src/Components/HMI/ui/server.js b/src/Components/HMI/ui/server.js
index 72d99bacc..5893eed14 100644
--- a/src/Components/HMI/ui/server.js
+++ b/src/Components/HMI/ui/server.js
@@ -98,8 +98,100 @@ app.get('/api/users/:id/status', isAdmin, async (req, res) => {
 }
 });
 // Use helmet middleware to set security headers
-
-// app.use(helmet());
+app.use(
+ helmet({
+ contentSecurityPolicy: {
+ useDefaults: true,
+ directives: {
+ defaultSrc: ["'self'"],
+
+ scriptSrc: [
+ "'self'",
+ "'unsafe-inline'",
+ "https://cdn.jsdelivr.net",
+ "https://cdnjs.cloudflare.com",
+ "https://code.jquery.com",
+ "https://kit.fontawesome.com",
+ "https://www.google.com",
+ "https://www.gstatic.com",
+ "https://www.recaptcha.net"
+ ],
+
+ scriptSrcElem: [
+ "'self'",
+ "'unsafe-inline'",
+ "https://cdn.jsdelivr.net",
+ "https://cdnjs.cloudflare.com",
+ "https://code.jquery.com",
+ "https://kit.fontawesome.com",
+ "https://www.google.com",
+ "https://www.gstatic.com",
+ "https://www.recaptcha.net"
+ ],
+
+ scriptSrcAttr: ["'unsafe-inline'"],
+
+ styleSrc: [
+ "'self'",
+ "'unsafe-inline'",
+ "https://cdn.jsdelivr.net",
+ "https://fonts.googleapis.com",
+ "https://cdnjs.cloudflare.com"
+ ],
+
+ styleSrcElem: [
+ "'self'",
+ "'unsafe-inline'",
+ "https://cdn.jsdelivr.net",
+ "https://fonts.googleapis.com",
+ "https://cdnjs.cloudflare.com"
+ ],
+
+ fontSrc: [
+ "'self'",
+ "https://fonts.gstatic.com",
+ "https://cdn.jsdelivr.net",
+ "https://cdnjs.cloudflare.com",
+ "https://kit.fontawesome.com",
+ "https://ka-f.fontawesome.com",
+ "data:"
+ ],
+
+ imgSrc: [
+ "'self'",
+ "data:",
+ "blob:",
+ "https:"
+ ],
+
+ connectSrc: [
+ "'self'",
+ "ws:",
+ "wss:",
+ "http://localhost:8080",
+ "http://localhost:9000",
+ "http://localhost:8000",
+ "https://cdn.jsdelivr.net",
+ "https://cdnjs.cloudflare.com",
+ "https://www.google.com",
+ "https://www.gstatic.com",
+ "https://www.recaptcha.net",
+ "https://ka-f.fontawesome.com"
+ ],
+
+ frameSrc: [
+ "'self'",
+ "https://js.stripe.com",
+ "https://www.google.com",
+ "https://www.recaptcha.net"
+ ],
+
+ objectSrc: ["'none'"],
+ upgradeInsecureRequests: null
+ }
+ }
+ })
+);
 // Function to sanitize and normalize file paths
 //
 function sanitizeFilePath(filePath) {
 //
 // Use path.normalize to ensure the path is in normalized form
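Review bot: `'unsafe-inline'` in `scriptSrc`, `scriptSrcElem` and `scriptSrcAttr` lets any script injected into a page execute, so the new policy does not mitigate script XSS, which is the main thing a CSP is for; replace it with a per-request nonce (Helmet accepts a function as a directive value, and once no `scriptSrcElem` is set `script-src` governs `<script>` elements, so the duplicated list can go) and drop `scriptSrcAttr: ["'unsafe-inline'"]` once inline `onclick`-style handlers are moved to `addEventListener`, letting Helmet's default `'none'` apply. The inline `<script>` tags in the templates then need the matching `nonce` attribute, and `crypto` must be in scope in server.js — both outside this hunk, so I cannot confirm what is already there. `imgSrc: "https:"` and `connectSrc: "ws:", "wss:"` are scheme-wide wildcards that admit any host, and the three `http://localhost:*` origins together with `upgradeInsecureRequests: null` look like development settings baked into the production policy; gate those on `NODE_ENV` and list concrete origins instead. The CDN-hosted scripts would also be safer with `integrity` attributes, which is a template change rather than a server one.
```javascript
// … unchanged: route handlers above …
// Fresh nonce per response; templates emit it on inline <script> tags as nonce="…" (view-engine syntax not shown here)
app.use((req, res, next) => {
  res.locals.cspNonce = crypto.randomBytes(16).toString('base64');
  next();
});
app.use(
  helmet({
    contentSecurityPolicy: {
      useDefaults: true,
      directives: {
        defaultSrc: ["'self'"],
        scriptSrc: [
          "'self'",
          (req, res) => `'nonce-${res.locals.cspNonce}'`,
          // … unchanged: CDN and reCAPTCHA origins …
        ],
        // scriptSrcElem and scriptSrcAttr removed: script-src covers elements, Helmet's default script-src-attr 'none' blocks inline handlers
        // … unchanged: style, font, img, connect, frame, object directives …
      }
    }
  })
);
```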