Skip to content

Website privacy-safe analytics and legal footer links#2318

Open
aaronpowell wants to merge 2 commits into
mainfrom
aaronpowell-website-security-audit
Open

Website privacy-safe analytics and legal footer links#2318
aaronpowell wants to merge 2 commits into
mainfrom
aaronpowell-website-security-audit

Conversation

@aaronpowell

Copy link
Copy Markdown
Contributor

Why

The website needs standard GitHub legal links in the footer, and it should avoid loading analytics when users have browser-level tracking opt-out enabled.

What changed

  • Added Terms, Privacy, and Security links to the website footer.
  • Removed the custom cookie-consent popup approach to avoid managing a separate consent state from github.com.
  • Updated Hydro analytics loading to respect browser privacy signals before loading:
    • Do Not Track (navigator.doNotTrack / window.doNotTrack / navigator.msDoNotTrack)
    • Global Privacy Control (navigator.globalPrivacyControl)
  • Updated website/README.md security notes so the sanitization note reflects current detail/file-browser rendering flow.

Notes for reviewers

This is intentionally a lightweight privacy guardrail: analytics loading is skipped when browser signals indicate tracking should be disabled, without introducing a custom consent-management UX on this site.

Add Terms, Privacy, and Security links to the website footer and remove the experimental cookie consent popup to avoid cross-site consent drift with github.com.

Gate Hydro analytics loading on browser privacy signals (Do Not Track and Global Privacy Control) so tracking-disabled users are respected without adding custom consent state.

Update website security notes to match the current non-modal rendering flow.

Co-authored-by: Copilot App <223556219+Copilot@users.noreply.github.com>
Copilot-Session: d0fdad70-4820-4c24-9e4a-35c82faf31ed
Copilot AI review requested due to automatic review settings July 16, 2026 06:38
@github-actions github-actions Bot added the website-update PR touches website content or code label Jul 16, 2026

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Pull request overview

Adds privacy-aware analytics loading, legal footer links, and documents website security hardening.

Changes:

  • Respects DNT and GPC before loading Hydro analytics.
  • Adds GitHub legal and security links.
  • Introduces and documents CSP and referrer policies.
Show a summary per file
File Description
website/src/components/Head.astro Adds privacy checks and security policies.
website/src/components/Footer.astro Adds styled legal links.
website/README.md Documents security controls and sanitization.

Review details

  • Files reviewed: 3/3 changed files
  • Comments generated: 1
  • Review effort level: Medium

Comment on lines 52 to +53
<Default><slot /></Default>
<meta http-equiv="Content-Security-Policy" content={contentSecurityPolicy} />
Copilot AI review requested due to automatic review settings July 17, 2026 00:58

Copilot AI left a comment

Copy link
Copy Markdown
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Review details

  • Files reviewed: 3/3 changed files
  • Comments generated: 2
  • Review effort level: Medium

Comment on lines +40 to +45
<li>
<a href="https://docs.github.com/site-policy/privacy-policies/github-privacy-statement">
Privacy
</a>
</li>
</ul>
Comment on lines 52 to +54
<Default><slot /></Default>
<meta http-equiv="Content-Security-Policy" content={contentSecurityPolicy} />
<meta name="referrer" content="strict-origin-when-cross-origin" />
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Labels

website-update PR touches website content or code

Projects

None yet

Development

Successfully merging this pull request may close these issues.

2 participants