House keeping config files

estserna · estserna · commit 77c61d0d0c1c · 2025-08-20T17:49:27.000-04:00
diff --git a/workshops/modernizr/backend/.env b/workshops/modernizr/backend/.env
@@ -1,7 +1,6 @@
 # Database Configuration
 DATABASE_TYPE=mysql
-# DB_HOST=127.0.0.1
-DB_HOST=3.19.73.197
+DB_HOST=127.0.0.1
 DB_PORT=3306
 # DB_USER=root
 DB_USER=dbuser
@@ -14,15 +13,15 @@ DB_TIMEOUT=60000
 # DynamoDB Configuration
 # DYNAMODB_ENDPOINT=http://localhost:8000
 AWS_REGION=us-east-2
-AWS_PROFILE=estserna+twitch-Admin
+AWS_PROFILE=
 # AWS credentials will be loaded from AWS CLI profile
 DYNAMODB_TABLE_PREFIX=
 
 # Server Configuration
 PORT=8100
 
 # JWT Configuration
-JWT_SECRET=13020429472038029834502893508205382131314343
+JWT_SECRET=your-super-secret-jwt-key-change-this-in-production-make-it-long-and-random
 JWT_EXPIRES_IN=24h
 
 # Environment
diff --git a/workshops/modernizr/frontend/public/index.html b/workshops/modernizr/frontend/public/index.html
@@ -7,7 +7,7 @@
     
     <!-- Security Headers - Environment-based CSP -->
     <meta http-equiv="Content-Security-Policy" 
-          content="default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https: blob:; font-src 'self' data:; connect-src 'self' http://localhost:* ws://localhost:* wss://localhost:*; media-src 'self'; object-src 'none'; child-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';">
+          content="default-src 'self'; upgrade-insecure-requests; script-src 'self'; style-src 'self'; img-src 'self' data: https:; font-src 'self' data:; connect-src 'self' https:; media-src 'self'; object-src 'none'; child-src 'none'; frame-ancestors 'none'; base-uri 'self'; form-action 'self';">
     <meta http-equiv="X-Frame-Options" content="DENY">
     <meta http-equiv="X-Content-Type-Options" content="nosniff">
     <meta http-equiv="X-XSS-Protection" content="1; mode=block">
