
fix: skip-nav touch-device flash + CORS hardening #27

Merged
praeducer merged 1 commit into main from fix/cors-hardening
Mar 8, 2026

@praeducer
Owner

Summary

  • Skip-nav flash fix: Gate skip-nav visibility behind @media (hover: hover) so touch-only devices never show the skip link during Next.js client navigation. Some mobile browsers trigger :focus-visible on programmatic focus, making the previous sr-only + focus-visible:not-sr-only approach insufficient. Centralizes styles in globals.css .skip-nav class.
  • CORS hardening: Add explicit Access-Control-Allow-Origin: https://paulprae.com to vercel.json catch-all headers, overriding Vercel CDN's default wildcard ACAO: * on non-API page responses. API routes continue to use dynamic origin matching via proxy.ts.

Test plan

  • Navigate home → resume on mobile — skip-nav should NOT flash
  • Tab through resume page on desktop — skip-nav should appear on first Tab
  • Verify curl -sI https://paulprae.com | grep access-control shows https://paulprae.com (not *)
  • Verify /api/chat still returns dynamic origin-matched ACAO header
  • All 418 unit tests pass, build succeeds

🤖 Generated with Claude Code

Skip-nav: gate visibility behind @media (hover: hover) so touch-only
devices never show the skip link during Next.js client navigation.
Some mobile browsers trigger :focus-visible on programmatic focus,
making the previous sr-only + focus-visible:not-sr-only approach
insufficient. Centralize styles in globals.css .skip-nav class.

CORS: add explicit Access-Control-Allow-Origin: https://paulprae.com
to vercel.json catch-all headers, overriding Vercel CDN's default
wildcard ACAO on non-API page responses. API routes continue to use
dynamic origin matching via proxy.ts.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
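
The header check from the test plan above, as an added example that is not part of the pull request or the project's code: a shell function that classifies the Access-Control-Allow-Origin value in `curl -sI` output, matching the header name in any letter case and stripping CRLF line endings. The function names and the sample responses are constructed for illustration.

```shell
#!/bin/sh
# Added example (not project code). Classifies the Access-Control-Allow-Origin
# (ACAO) header found in `curl -sI` output read from stdin.

# acao_verdict EXPECTED_ORIGIN
# Prints: ok | wildcard | missing | mismatch | duplicate
acao_verdict() {
  expected=$1
  # Strip CR from CRLF line endings, match the header name in any case,
  # and print only the trimmed header value (one line per ACAO header).
  values=$(tr -d '\r' | awk -F': *' '
    tolower($1) == "access-control-allow-origin" {
      sub(/^[^:]*:[ \t]*/, ""); sub(/[ \t]+$/, ""); print
    }')
  if [ -z "$values" ]; then
    echo missing            # no ACAO header at all
  elif [ "$(printf '%s\n' "$values" | grep -c .)" -gt 1 ]; then
    echo duplicate          # more than one ACAO header is invalid for CORS
  elif [ "$values" = "*" ]; then
    echo wildcard           # the CDN default the PR wants overridden
  elif [ "$values" = "$expected" ]; then
    echo ok
  else
    echo mismatch           # some other origin, or a list of origins
  fi
}

# Constructed sample responses (not captured from the real site).
sample_hardened() {
  printf 'HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n'
  printf 'Access-Control-Allow-Origin: https://paulprae.com\r\n\r\n'
}
sample_wildcard() {
  printf 'HTTP/2 200\r\ncontent-type: text/html\r\n'
  printf 'access-control-allow-origin: *\r\n\r\n'
}

for s in sample_hardened sample_wildcard; do
  printf '%s: %s\n' "$s" "$($s | acao_verdict https://paulprae.com)"
done
# Live use: curl -sI https://paulprae.com | acao_verdict https://paulprae.com
```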
@vercel

vercel bot commented Mar 8, 2026

The latest updates on your projects. Learn more about Vercel for GitHub.

Project | Deployment | Actions | Updated (UTC)
paulprae-com | Building | Preview, Comment | Mar 8, 2026 5:47pm

@praeducer praeducer merged commit 210fd76 into main Mar 8, 2026
2 of 3 checks passed
@praeducer praeducer deleted the fix/cors-hardening branch March 8, 2026 17:47
praeducer added a commit that referenced this pull request Mar 8, 2026
Mark Phase 2 launch tasks complete (PRs #21, #26, #27). Replace
pre-merge checklist with current post-deploy verification items
for mobile skip-nav, CORS headers, and dashboard monitoring.

Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
praeducer added a commit that referenced this pull request Mar 18, 2026
- human-tasks.md: add pre-merge UAT checklist task for PR #28,
  rename post-deploy section to cover PRs #27-28, add mobile CTA
  verification step, bump last-updated date to 2026-03-18
- backlog.md: update reconciliation date and branch to feat/interview-booking-cta,
  update version bump task to reference PR #28 (currently 0.1.0 → 2.0.0)

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>