docs: add HeaderConfig to SecurityConfig + new Gudeline Proposals (tauri-apps#2950)

Co-authored-by: Vitor Ayres <[email protected]>

Author: 39zde

.github/CONTRIBUTING.md

@@ -57,6 +57,32 @@ Use this chart to help you figure out where the right place for your content is:
 - Make headings as succinct as possible to help the reader quickly find the content they need
 - Use [simple present tense](https://www.grammarly.com/blog/simple-present/) for verbs
 
+### New Features / Version Display
+
+When writing about a new feature, display the version it was introduced. 
+Use the `SinceVersion` component for this, located at [`src/components/SinceVersion.astro`](../src//components/SinceVersion.astro).
+Place it directly under the header, which describes the new feature. 
+When creating a new page add a Badge with the text `New` and variant `tip`.
+The lifetime of this badge should not exceed 6 Months.
+
+#### Example
+Example file `my-new-page.mdx`
+```mdx
+---
+title: My New Page
+sidebar:
+  badge:
+    text: New
+    variant: tip
+---
+import SinceVersion from '../path/to/SinceVersion.astro';
+
+<SinceVersion version="2.1.0" library="optional core library name" href="optional link" />
+
+Documentation about 'My New Page'...
+
+```
+
 ### Guide
 
 Located in [`/src/content/docs/plugin/`](https://github.com/tauri-apps/tauri-docs/tree/v2/src/content/docs/plugin)

.prettierignore

@@ -31,3 +31,4 @@ src/content/docs/learn/Security/writing-plugin-permissions.mdx
 src/content/docs/start/frontend/qwik.mdx
 src/content/docs/zh-cn/start/frontend/qwik.mdx
 src/content/docs/learn/splashscreen.mdx
+src/content/docs/security/http-headers.mdx

src/components/SinceVersion.astro

@@ -0,0 +1,67 @@
+---
+/**
+ * @author 39zde <[email protected]>
+ */
+import { Icon } from '@astrojs/starlight/components';
+
+interface Props {
+  /**
+   * version string
+   * schema: x.y.z
+   * @example
+   *  ```jsx
+   *    // Valid ✅
+   *    <SinceVersion version="2.1.0" />
+   *    // Invalid ❌
+   *    <SinceVersion version="v2.1.0" />
+   *    <SinceVersion>2.1.0</SinceVersion>
+   *    <SinceVersion version="2.1" />
+   *  ```
+   */
+  version: string;
+  /**
+   * The core library the documented feature belongs to, if applicapbe.
+   * Leave blank if not applicable and define the link manually.
+   */
+  library?: 'tauri' | 'api' | 'rust-cli' | 'js-cli' | 'tauri-bundler' | 'wry' | 'tao';
+  /**
+   * overrides the link to release page
+   *
+   * if the `library` prop is defined, `href` defaults to:
+   * - `${Astro.url.origin}/release/${Astro.props.library}/v${Astro.props.version}`
+   *
+   * if the `library` prop is `undefined`, `href` defaults to:
+   * - defaults to `${Astro.url.origin}/release/tauri/v${Astro.props.version}`
+   */
+  href?: string;
+}
+---
+
+<a
+  class="not-content"
+  href={Astro.props.href
+    ? Astro.props.href
+    : Astro.props.library
+      ? `${Astro.url.origin}/release/${Astro.props.library}/v${Astro.props.version}`
+      : `${Astro.url.origin}/release/tauri/v${Astro.props.version}`}
+  target="_blank"
+>
+  <Icon name="seti:clock" />Since <code>{Astro.props.version}</code>
+</a>
+
+<style>
+  a {
+    display: inline-flex;
+    justify-content: center;
+    align-items: center;
+    gap: 6px;
+    border-radius: 0.5rem;
+    padding: 2px 12px 2px 12px;
+    font-size: small;
+    box-shadow: var(--sl-shadow-md);
+    background-color: var(--sl-color-bg-inline-code);
+    margin: 0 0 12px 0;
+    color: var(--sl-color-gray-1) !important;
+    text-decoration: none;
+  }
+</style>

src/content/docs/develop/Debug/index.mdx

@@ -12,7 +12,7 @@ With all the moving pieces in Tauri, you may run into a problem that requires de
 
 ## Development Only Code
 
-One of the most useful tools in your toolkit for debugging is the ability to add debugging statments in your code. However, you generally you don't want these to end up in production, which is where the ability to check whether you're running in development mode or not comes in handy.
+One of the most useful tools in your toolkit for debugging is the ability to add debugging statements in your code. However, you generally you don't want these to end up in production, which is where the ability to check whether you're running in development mode or not comes in handy.
 
 ### In Rust
 

src/content/docs/develop/Plugins/develop-mobile.mdx

@@ -35,7 +35,7 @@ This implementation simplifies the process of sharing an API that can be used bo
 
 ### Develop an Android Plugin
 
-A Tauri plugin for Android is defined as a Kotlin class that extends `app.tauri.plugin.Plugin` and is annoted with `app.tauri.annotation.TauriPlugin`. Each method annotated with `app.tauri.annotation.Command` can be called by Rust or JavaScript.
+A Tauri plugin for Android is defined as a Kotlin class that extends `app.tauri.plugin.Plugin` and is annotated with `app.tauri.annotation.TauriPlugin`. Each method annotated with `app.tauri.annotation.Command` can be called by Rust or JavaScript.
 
 Tauri uses Kotlin by default for the Android plugin implementation, but you can switch to Java if you prefer. After generating a plugin, right click the Kotlin plugin class in Android Studio and select the "Convert Kotlin file to Java file" option from the menu. Android Studio will guide you through the project migration to Java.
 

src/content/docs/distribute/Pipelines/github.mdx

@@ -27,7 +27,7 @@ Please see the `tauri-action` [readme](https://github.com/tauri-apps/tauri-actio
 
 When your app is not on the root of the repository, use the `projectPath` input.
 
-You may freely modify the worfklow name, change its triggers, and add more steps such as `npm run lint` or `npm run test`. The important part is that you keep the below line at the end of the workflow since this runs the build script and releases your app.
+You may freely modify the workflow name, change its triggers, and add more steps such as `npm run lint` or `npm run test`. The important part is that you keep the below line at the end of the workflow since this runs the build script and releases your app.
 
 ### How to Trigger
 

src/content/docs/distribute/Sign/macos.mdx

@@ -9,7 +9,7 @@ Code signing is required on macOS to allow your application to be listed in the
 
 ## Prerequisites
 
-Code signing on macOS requries an [Apple Developer] account which is either paid (99$ per year) or on the free plan. You also need an Apple device where you perform the code signing. This is required by the signing process and due to Apple's Terms and Conditions.
+Code signing on macOS requires an [Apple Developer] account which is either paid (99$ per year) or on the free plan. You also need an Apple device where you perform the code signing. This is required by the signing process and due to Apple's Terms and Conditions.
 
 :::note
 Note when using a free Apple Developer account, you will not be able to notarize your application and it will still show up as not verified when opening the app.

src/content/docs/learn/Security/capabilities-for-windows-and-platforms.mdx

@@ -57,7 +57,7 @@ This exercise is meant to be read after completing [`Using Plugin Permissions`](
     ```
     </ShowSolution>
 
-   #### Create Windows Programatically
+   #### Create Windows Programmatically
 
     In the Rust code to create a Tauri app:
 

src/content/docs/learn/Security/writing-plugin-permissions.mdx

@@ -95,7 +95,7 @@ and hand crafted.
 
     These inbuilt permissions will be automatically generated by the Tauri build
     system and will be visible in the `permissions/autogenerated/commands` folder.
-    By default an `enable-<commmand>` and `deny-<command>` permission will
+    By default an `enable-<command>` and `deny-<command>` permission will
     be created.
 
     </ShowSolution>
@@ -133,7 +133,7 @@ and hand crafted.
 
     Expose the new command in the frontend module.
 
-    This step is essential for the example application to sucessfully
+    This step is essential for the example application to successfully
     import the frontend module. This is for convenience and has
     no security impact, as the command handler is already generated
     and the command can be manually invoked from the frontend.

src/content/docs/plugin/biometric.mdx

@@ -196,7 +196,7 @@ fn bio_auth(app_handle: tauri::AppHandle) {
         confirmation_required: Some(true),
     };
 
-    // if the authentication was succesfull, the function returns Result::Ok()
+    // if the authentication was successful, the function returns Result::Ok()
     // otherwise returns Result::Error()
     match app_handle.biometric().authenticate("This feature is locked".to_string(), options) {
         Ok(_) => {

src/content/docs/security/ecosystem.mdx

@@ -1,7 +1,7 @@
 ---
 title: Tauri Ecosystem Security
 sidebar:
-  order: 7
+  order: 8
 ---
 
 Our Tauri organization ecosystem is hosted on GitHub and facilitates several

src/content/docs/security/future.mdx

@@ -1,10 +1,10 @@
 ---
 title: Future Work
 sidebar:
-  order: 9
+  order: 10
 ---
 
-This section descibes topics we started or would like to tackle
+This section describes topics we started or would like to tackle
 in the future to make Tauri apps even more secure.
 If you feel interested in these topics or have pre-existing
 knowledge we are always happy to welcome new contributors
@@ -43,7 +43,7 @@ Currently Tauri has no inbuilt method to do so but there is ongoing work to
 ease this process.
 
 All of these tools allow to properly test and inspect Tauri applications
-without sorce code access and should be considered when building a Tauri application.
+without source code access and should be considered when building a Tauri application.
 
 We are planning to further support and implement related features in the future.
 
@@ -57,7 +57,7 @@ consider ways to further sandbox and isolate the webview processes.
 Inbuilt and external sandboxing methods will be evaluated to reduce attack impact
 and to enforce the IPC bridge for system access.
 We believe that this part of our stack is the weak link but current generation WebViews
-are improving in their hardening and exploit resillience.
+are improving in their hardening and exploit resilience.
 
 ### Fuzzing