Harden the docs page external API link and resolve it from the API base
Description
src/app/docs/page.tsx links to GET /api/v1/openapi.json with a bare relative href="/api/v1/openapi.json". The actual API lives at NEXT_PUBLIC_STABLEROUTE_API_BASE (often a different origin), so the link points at the frontend origin, not the backend; and any link to the backend should carry safe rel attributes. This issue fixes the target and hardens it.
Requirements and context
- Repository scope: StableRoute-Org/Stableroute-frontend only.
- Build the openapi link from the configured API base (the same value apiClient.ts resolves) so it points at the real backend, not the frontend origin.
- Add rel="noopener noreferrer" (and target="_blank" if it should open in a new tab) plus an accessible indication that it leaves the dashboard.
- Keep the existing accessible <dl> endpoint list and prose intact.
- Do not hard-code a production URL; derive it from the env-driven base with the localhost fallback.
Suggested execution
- Fork the repo and create a branch: git checkout -b security/docs-22-openapi-link
- Implement changes
- Write code in: src/app/docs/page.tsx.
- Write comprehensive tests in: create src/app/docs/page.test.tsx asserting the resolved href and rel attributes.
- Add documentation: note the link behaviour in README.md.
- Add JSDoc to any URL-building helper.
- Validate the rel attributes and that the base is env-derived.
- Test and commit
Test and commit
- Run npm run lint, npm test, and npm run build.
- Cover edge cases: default localhost base, custom env base, and rel correctness.
- Include the full npm test output in the PR description.
Example commit message
security: resolve and harden the docs openapi.json external link
Guidelines
- Minimum 95 percent test coverage for impacted modules.
- Clear, reviewer-focused documentation.
- Timeframe: 96 hours.
Community & contribution rewards
- 💬 Join the StableRoute community on Discord for questions, reviews, and faster merges: https://discord.gg/37aCpusvx
- ⭐ This is a GrantFox OSS / Official Campaign task and may be rewarded. When your PR is merged you'll be prompted to rate the project — if this issue and the maintainers helped you ship, we'd be grateful for a 5-star rating. Clear questions in Discord and tidy, well-tested PRs are the fastest path to a merge and a reward.
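One way to build the link the requirements above describe, as an added example that is not code from the StableRoute repository. The helper names, the aria-label wording and the localhost fallback value are assumptions; the page names the env variable and the openapi.json path only.

```typescript
// Added example; every name below is hypothetical, not from apiClient.ts.
const OPENAPI_PATH = "/api/v1/openapi.json";
// Assumed placeholder: the issue mentions a localhost fallback but not its value.
const ASSUMED_LOCAL_API_BASE = "http://localhost:3001";

interface ExternalLinkProps {
  href: string;
  target: "_blank";
  rel: string;
  "aria-label": string;
}

/**
 * Resolve the API base from the env-provided value.
 * Falls back to the local base when the value is unset, blank, not an
 * absolute URL, or uses a scheme other than http(s). The scheme check keeps
 * a value such as "javascript:..." from ever reaching an href.
 */
function resolveApiBase(envValue: string | undefined): string {
  const raw = (envValue ?? "").trim();
  try {
    const u = new URL(raw); // throws on "" and on relative or scheme-less input
    if (u.protocol === "http:" || u.protocol === "https:") {
      // Keep origin plus any base path; drop query, fragment, trailing slashes.
      return (u.origin + u.pathname).replace(/\/+$/, "");
    }
  } catch {
    // Unparsable value: fall through to the local default.
  }
  return ASSUMED_LOCAL_API_BASE;
}

/**
 * Props for the docs-page anchor that points at the backend OpenAPI document.
 * noopener: the opened page gets no window.opener handle to this tab.
 * noreferrer: the dashboard URL is not sent in the Referer header.
 */
function openApiLinkProps(envValue: string | undefined): ExternalLinkProps {
  return {
    href: resolveApiBase(envValue) + OPENAPI_PATH,
    target: "_blank",
    rel: "noopener noreferrer",
    "aria-label": "OpenAPI specification (opens in a new tab, leaves the dashboard)",
  };
}

// In page.tsx this could be spread onto the anchor:
// <a {...openApiLinkProps(process.env.NEXT_PUBLIC_STABLEROUTE_API_BASE)}>openapi.json</a>
```

The silent fallback is a choice made for this sketch; failing the build on a malformed base is the stricter alternative.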