From e3ad63f3000693d799747ee10f35c97ecce08078 Mon Sep 17 00:00:00 2001
From: Antawari <antawari@gmail.com>
Date: Wed, 27 May 2026 16:32:47 -0600
Subject: [PATCH] front door: drop google fonts CDN @import + add security
 headers
MIME-Version: 1.0
Content-Type: text/plain; charset=UTF-8
Content-Transfer-Encoding: 8bit

Two-defect convergence on the host-only Front Door:

1. ui.html imported a stylesheet from fonts.googleapis.com, sending the
   user's browser fingerprint + IP + Referer to Google on every scan.
   The Front Door is bound to 127.0.0.1 precisely because the page
   exposes scraped local state; the third-party font fetch contradicted
   that posture.

2. _process_request returned only Content-Type on the HTML response —
   no Content-Security-Policy, no X-Frame-Options, no Referrer-Policy,
   no X-Content-Type-Options. Drive-by visit to http://127.0.0.1:<port>
   while a scan was running could render the page in an iframe inside
   an attacker tab, and any third-party subresource fetch would leak
   the referrer.

Shipping both as one PR — CSP and the @import removal are the two
halves of "the page makes no third-party network requests." Add the
@import back later and CSP refuses to load it; remove it without CSP
and the next contributor can re-introduce it silently.

## Changes

src/bonfire/onboard/ui.html
  - Removed @import url('https://fonts.googleapis.com/...') from the
    <style> block. The existing font-family fallback chain
    ('JetBrains Mono', 'Fira Code', 'Courier New', monospace) is
    in place — most developer workstations have JetBrains Mono
    installed locally already; remaining users get a graceful fallback.

src/bonfire/onboard/server.py
  - Extended _process_request's GET / response Headers with:
    * Content-Security-Policy with default-src 'self'; connect-src
      'self' (covers same-origin WebSocket to /ws); img-src
      'self' data: (allows inline data URLs); style-src 'self'
      'unsafe-inline' (the page uses inline <style>); script-src
      'self' 'unsafe-inline' (the page uses inline <script>).
    * X-Frame-Options: DENY
    * Referrer-Policy: no-referrer
    * X-Content-Type-Options: nosniff

tests/unit/test_onboard_server_security_hardening.py (new · Knight RED)
  - Six tests pinning the contract:
    * ui.html contains zero https:// references (post-fix grep).
    * GET / response carries CSP with default-src 'self'.
    * GET / response carries X-Frame-Options: DENY.
    * GET / response carries Referrer-Policy: no-referrer.
    * GET / response carries X-Content-Type-Options: nosniff.
    * Content-Type header preserved (regression guard).

## Out of scope (filed for follow-up PR)

WebSocket _ws_handler currently does json.loads(raw) without calling
parse_client_message from onboard/protocol.py. The typed-discriminator
validation is decorative for the wire path. Wiring parse_client_message
into _ws_handler is a separate change with its own test surface
(touches server.py, flow.py, and adds malformed-frame rejection).

## Verification

  pytest tests/unit/test_onboard_server_security_hardening.py
    6 passed in 51.06s (RED→GREEN cycle verified)

  pytest tests/unit/test_onboard_server.py (regression)
    19 passed in 12.09s

  ruff check + format on changed files: clean

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
---
 src/bonfire/onboard/server.py                 |  24 ++-
 src/bonfire/onboard/ui.html                   |   4 +-
 .../test_onboard_server_security_hardening.py | 165 ++++++++++++++++++
 3 files changed, 191 insertions(+), 2 deletions(-)
 create mode 100644 tests/unit/test_onboard_server_security_hardening.py

diff --git a/src/bonfire/onboard/server.py b/src/bonfire/onboard/server.py
index f724def..93802cb 100644
--- a/src/bonfire/onboard/server.py
+++ b/src/bonfire/onboard/server.py
@@ -154,7 +154,29 @@ async def _process_request(
             return Response(
                 200,
                 "OK",
-                Headers({"Content-Type": "text/html; charset=utf-8"}),
+                Headers(
+                    {
+                        "Content-Type": "text/html; charset=utf-8",
+                        # Forbid third-party subresources. The page is bound
+                        # to 127.0.0.1 and exposes scraped local state — any
+                        # outbound fetch is an exfiltration vector. WebSocket
+                        # to /ws is same-origin so `'self'` covers it.
+                        "Content-Security-Policy": (
+                            "default-src 'self'; "
+                            "connect-src 'self'; "
+                            "img-src 'self' data:; "
+                            "style-src 'self' 'unsafe-inline'; "
+                            "script-src 'self' 'unsafe-inline'"
+                        ),
+                        # Forbid iframe embedding — closes the drive-by
+                        # iframe-while-scan-runs attack surface.
+                        "X-Frame-Options": "DENY",
+                        # No Referer leak on outbound link clicks.
+                        "Referrer-Policy": "no-referrer",
+                        # No MIME confusion on the served HTML.
+                        "X-Content-Type-Options": "nosniff",
+                    }
+                ),
                 self._html,
             )
         if request.path != "/ws":
diff --git a/src/bonfire/onboard/ui.html b/src/bonfire/onboard/ui.html
index 41dc4e7..763d676 100644
--- a/src/bonfire/onboard/ui.html
+++ b/src/bonfire/onboard/ui.html
@@ -5,7 +5,9 @@
 <meta name="viewport" content="width=device-width, initial-scale=1">
 <title>Bonfire — The Front Door</title>
 <style>
-  @import url('https://fonts.googleapis.com/css2?family=JetBrains+Mono:wght@400;700&display=swap');
+  /* Privacy: no third-party CDN @import. JetBrains Mono ships locally on
+     most developer workstations; fall back through the existing chain
+     (JetBrains Mono → Fira Code → Courier New → system monospace) below. */
 
   :root {
     --green: #00ff41;
diff --git a/tests/unit/test_onboard_server_security_hardening.py b/tests/unit/test_onboard_server_security_hardening.py
new file mode 100644
index 0000000..b4fdb67
--- /dev/null
+++ b/tests/unit/test_onboard_server_security_hardening.py
@@ -0,0 +1,165 @@
+"""Knight RED tests — Front Door security hardening.
+
+Two-defect convergence on the host-only Front Door:
+
+1. ``ui.html`` previously imported a stylesheet from ``fonts.googleapis.com``,
+   sending the user's browser fingerprint + IP + Referer to Google on every
+   ``bonfire scan`` invocation. The Front Door is bound to ``127.0.0.1``
+   precisely because the page exposes scraped local state; the third-party
+   font fetch contradicted that posture.
+
+2. ``_process_request`` returned only ``Content-Type`` on the HTML response —
+   no ``Content-Security-Policy``, no ``X-Frame-Options``, no
+   ``Referrer-Policy``, no ``X-Content-Type-Options``. A drive-by visit to
+   ``http://127.0.0.1:<port>/`` while an operator had a scan running could
+   render the page in an iframe inside an attacker tab, and any third-party
+   subresource fetch would leak the referrer.
+
+Both findings ship as one PR — the CSP and the @import removal are the
+two halves of "the page makes no third-party network requests." Add the
+@import back later and CSP will refuse to load it; remove it without CSP
+and the next contributor can re-introduce it silently.
+
+Contract:
+
+- ``ui.html`` contains zero ``https://`` URLs (no third-party subresources).
+- The Front Door's HTTP response for ``GET /`` carries:
+    * ``Content-Security-Policy`` with ``default-src 'self'`` (forbids any
+      third-party subresource).
+    * ``X-Frame-Options: DENY`` (forbids iframe embedding).
+    * ``Referrer-Policy: no-referrer`` (no Referer leak on outbound links).
+    * ``X-Content-Type-Options: nosniff`` (no MIME confusion).
+
+Out of scope (separate ticket, larger Pydantic-validation wire-up):
+
+- WebSocket ``_ws_handler`` Pydantic-validation half of the Front Door
+  hardening — that needs ``parse_client_message`` wired into the dispatch
+  path + ``flow.py`` adjustments. Filed for a follow-up PR.
+"""
+
+from __future__ import annotations
+
+import asyncio
+import re
+import urllib.request
+from importlib import resources
+
+from bonfire.onboard.server import FrontDoorServer
+
+
+class TestUiHtmlNoThirdPartyResources:
+    """ui.html must not request any third-party HTTPS resources."""
+
+    def test_ui_html_has_no_third_party_https_references(self) -> None:
+        """No ``https://`` URLs in the served HTML — privacy-egress closure."""
+        body = resources.files("bonfire.onboard").joinpath("ui.html").read_bytes()
+        text = body.decode("utf-8")
+        # Match http(s)://host references that are NOT in HTML comments.
+        # Simple approach: strip <!-- ... --> comment blocks then search.
+        text_no_comments = re.sub(r"<!--.*?-->", "", text, flags=re.DOTALL)
+        https_refs = re.findall(r"https://[^\s'\"<>)]+", text_no_comments)
+        assert https_refs == [], (
+            "ui.html must make ZERO third-party network requests on render — "
+            f"found {https_refs!r}. Inline the resource, ship it as a sibling "
+            "served from the same origin, or drop it and fall back."
+        )
+
+
+class TestFrontDoorSecurityHeaders:
+    """``GET /`` HTTP response carries the four hardening headers."""
+
+    async def test_response_carries_content_security_policy(self) -> None:
+        """CSP header forbids third-party subresources (``default-src 'self'``)."""
+        server = FrontDoorServer()
+        port = await server.start()
+        try:
+            loop = asyncio.get_event_loop()
+            response = await loop.run_in_executor(
+                None,
+                urllib.request.urlopen,
+                f"http://127.0.0.1:{port}/",
+            )
+            csp = response.headers.get("Content-Security-Policy", "")
+            assert csp, (
+                "GET / response missing Content-Security-Policy header — "
+                "drive-by iframe + subresource fetch surface unsealed"
+            )
+            assert "default-src 'self'" in csp, (
+                "CSP must include `default-src 'self'` to forbid third-party "
+                f"subresources; got: {csp!r}"
+            )
+        finally:
+            await server.stop()
+
+    async def test_response_carries_x_frame_options_deny(self) -> None:
+        """X-Frame-Options: DENY forbids iframe embedding."""
+        server = FrontDoorServer()
+        port = await server.start()
+        try:
+            loop = asyncio.get_event_loop()
+            response = await loop.run_in_executor(
+                None,
+                urllib.request.urlopen,
+                f"http://127.0.0.1:{port}/",
+            )
+            xfo = response.headers.get("X-Frame-Options", "")
+            assert xfo == "DENY", (
+                "GET / response must carry X-Frame-Options: DENY — drive-by "
+                f"iframe attack surface unsealed. Got: {xfo!r}"
+            )
+        finally:
+            await server.stop()
+
+    async def test_response_carries_referrer_policy_no_referrer(self) -> None:
+        """Referrer-Policy: no-referrer prevents Referer leak on outbound links."""
+        server = FrontDoorServer()
+        port = await server.start()
+        try:
+            loop = asyncio.get_event_loop()
+            response = await loop.run_in_executor(
+                None,
+                urllib.request.urlopen,
+                f"http://127.0.0.1:{port}/",
+            )
+            rp = response.headers.get("Referrer-Policy", "")
+            assert rp == "no-referrer", (
+                "GET / response must carry Referrer-Policy: no-referrer — "
+                f"Referer-leak surface open. Got: {rp!r}"
+            )
+        finally:
+            await server.stop()
+
+    async def test_response_carries_x_content_type_options_nosniff(self) -> None:
+        """X-Content-Type-Options: nosniff prevents MIME confusion."""
+        server = FrontDoorServer()
+        port = await server.start()
+        try:
+            loop = asyncio.get_event_loop()
+            response = await loop.run_in_executor(
+                None,
+                urllib.request.urlopen,
+                f"http://127.0.0.1:{port}/",
+            )
+            xcto = response.headers.get("X-Content-Type-Options", "")
+            assert xcto == "nosniff", (
+                f"GET / response must carry X-Content-Type-Options: nosniff. Got: {xcto!r}"
+            )
+        finally:
+            await server.stop()
+
+    async def test_content_type_header_still_present(self) -> None:
+        """Regression guard: the new headers don't remove the existing Content-Type."""
+        server = FrontDoorServer()
+        port = await server.start()
+        try:
+            loop = asyncio.get_event_loop()
+            response = await loop.run_in_executor(
+                None,
+                urllib.request.urlopen,
+                f"http://127.0.0.1:{port}/",
+            )
+            ct = response.headers.get("Content-Type", "")
+            assert "text/html" in ct
+            assert "charset=utf-8" in ct.lower()
+        finally:
+            await server.stop()