feat: add JSON-LD structured data to homepage and fix CSP nonce hook …#3150

Merged
sydseter merged 2 commits into OWASP:master from Adarshkumar0509:feat/homepage-json-ld-seo
Jun 23, 2026
@Adarshkumar0509 Adarshkumar0509 commented Jun 23, 2026

Contributor

Description

Fixes #2194

  • Added Organization + WebSite JSON-LD structured data to the homepage for SEO. Validated on schema.org and no errors were there.

  • While testing I noticed the CSP nonce hook in hooks.server.js was wiping all attributes from every script tag sitewide, not just injecting the nonce. The JSON-LD tag needs type="application/ld+json" to work, so I fixed the regex to preserve existing attributes.

AI Tool Disclosure

  • My contribution does not include any AI-generated content
  • My contribution includes AI-generated content, as disclosed below:
    • AI Tools: [e.g. GitHub CoPilot, ChatGPT, JetBrains Junie etc.]
    • LLMs and versions: [e.g. GPT-4.1, Claude Haiku 4.5, Gemini 2.5 Pro etc.]
    • Prompts: [Summarize the key prompts or instructions given to the AI tools]

Affirmation

@Adarshkumar0509

Contributor Author

Hi @sydseter, take a look at this whenever you have time.

@sydseter

Collaborator

The nonce in the hook is a placeholder. The Cloudflare nonce worker https://github.com/OWASP/cornucopia/blob/master/cornucopia.owasp.org/script/nonce-worker.js uses the placeholder nonce that the hook injects into every script tag and replaces it with a unique nonce. This happens before the page is served by Cloudflare.

Copilot AI left a comment

Contributor

Pull request overview

Adds SEO-focused structured data to the SvelteKit homepage and updates the server-side nonce injection so JSON-LD <script> tags keep required attributes (e.g., type="application/ld+json").

Changes:

  • Add Organization + WebSite JSON-LD graph to the homepage <head>.
  • Update hooks.server.js script-tag nonce injection to preserve existing <script> attributes.

Reviewed changes

Copilot reviewed 2 out of 2 changed files in this pull request and generated 1 comment.

| File | Description |
| --- | --- |
| cornucopia.owasp.org/src/routes/+page.svelte | Adds JSON-LD structured data to the homepage head for SEO. |
| cornucopia.owasp.org/src/hooks.server.js | Adjusts nonce injection regex so existing <script> attributes are not wiped. |
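
The attribute-wiping behaviour discussed in this thread, next to an attribute-preserving replacement and the placeholder swap, as an added example that is not the project's hooks.server.js or nonce-worker.js code. The function names, regexes, placeholder value and sample page are assumptions made for illustration.

```javascript
// Added example: names, regexes and the placeholder value are assumptions,
// not the project's hooks.server.js or nonce-worker.js.
const PLACEHOLDER_NONCE = 'PLACEHOLDER_NONCE';

// Behaviour reported in the PR: the whole opening tag is replaced, so
// type=, src= and defer are lost. A JSON-LD block without its type is then
// treated by the browser as ordinary JavaScript.
function injectNonceWiping(html) {
  return html.replace(/<script[^>]*>/gi, `<script nonce="${PLACEHOLDER_NONCE}">`);
}

// Attribute-preserving form: capture the attribute string, re-emit it after
// the nonce, and leave tags that already carry a nonce untouched.
// Caveat: [^>]* assumes no ">" inside a quoted attribute value.
function injectNoncePreserving(html) {
  return html.replace(/<script(\s[^>]*)?>/gi, (tag, attrs = '') =>
    /\snonce\s*=/i.test(attrs) ? tag : `<script nonce="${PLACEHOLDER_NONCE}"${attrs}>`
  );
}

// Stand-in for the edge step described in the thread: swap the placeholder
// for a nonce generated per response before the page is served.
function replacePlaceholder(html, nonce) {
  return html.split(`nonce="${PLACEHOLDER_NONCE}"`).join(`nonce="${nonce}"`);
}

// Constructed sample page (not taken from the site).
const samplePage = [
  '<head>',
  '<script type="application/ld+json">{"@type":"Organization"}</script>',
  '<script src="/app.js" defer></script>',
  '<script>console.log("inline")</script>',
  '</head>',
].join('\n');

const served = replacePlaceholder(injectNoncePreserving(samplePage), 'r4nd0m-per-response');
console.log(injectNonceWiping(samplePage));
console.log(served);
```

Running the preserving function twice leaves the page unchanged, which matters when a hook can see the same chunk more than once.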

Comment thread cornucopia.owasp.org/src/routes/+page.svelte
@Adarshkumar0509

Contributor Author

Thanks for explaining! I missed that point.

@Adarshkumar0509

Contributor Author

Hi @sydseter, done!

@sydseter sydseter merged commit 5545d1f into OWASP:master Jun 23, 2026
9 checks passed
@Adarshkumar0509 Adarshkumar0509 deleted the feat/homepage-json-ld-seo branch June 26, 2026 15:24
Development

Successfully merging this pull request may close these issues.

Redesign for cornucopia.owasp.org