Merge pull request #39 from Unity-Lab-AI/develop

Security: Move CSP to HTTP headers and externalize inline scripts

Author: hackall360

_headers

@@ -4,3 +4,4 @@
   X-XSS-Protection: 1; mode=block
   Referrer-Policy: strict-origin-when-cross-origin
   Permissions-Policy: camera=(), microphone=(self), geolocation=()
+  Content-Security-Policy: default-src 'self'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com; font-src 'self' https://fonts.gstatic.com data:; img-src 'self' data: blob: https://image.pollinations.ai https://*.gravatar.com https://avatars.githubusercontent.com; connect-src 'self' https://text.pollinations.ai https://image.pollinations.ai https://users.unityailab.com https://api.github.com https://contact.unityailab.com; frame-ancestors 'none'; base-uri 'self'; form-action 'self'

about/about-contact.js

@@ -0,0 +1,24 @@
+/**
+ * about-contact.js - About page contact form handler
+ */
+
+document.getElementById('aboutContactForm').addEventListener('submit', function(e) {
+    e.preventDefault();
+
+    var name = document.getElementById('contactName').value;
+    var email = document.getElementById('contactEmail').value;
+    var reason = document.getElementById('contactReason').value;
+    var source = document.getElementById('contactSource').value;
+    var subject = document.getElementById('contactSubject').value;
+    var message = document.getElementById('contactMessage').value;
+
+    // Build mailto URL
+    var recipient = 'unityailabcontact@gmail.com';
+    var mailtoSubject = '[' + reason + '] ' + subject;
+    var mailtoBody = 'Name: ' + name + '\nEmail: ' + email + '\nReason for Contact: ' + reason + '\nHow they heard about us: ' + source + '\n\nMessage:\n' + message;
+
+    var mailtoURL = 'mailto:' + recipient + '?subject=' + encodeURIComponent(mailtoSubject) + '&body=' + encodeURIComponent(mailtoBody);
+
+    // Open mailto link
+    window.location.href = mailtoURL;
+});

about/index.html

@@ -3,7 +3,6 @@
 <head>
     <!-- Meta Tags for Cross-Browser Compatibility -->
     <meta charset="UTF-8">
-    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: blob: https://image.pollinations.ai https://*.gravatar.com https://avatars.githubusercontent.com; connect-src 'self' https://text.pollinations.ai https://image.pollinations.ai https://users.unityailab.com https://api.github.com; frame-ancestors 'none';">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, user-scalable=yes, viewport-fit=cover">
 
@@ -657,34 +656,9 @@ <h6 class="footer-title">Connect</h6>
     <script src="about.js"></script>
 
     <!-- About Contact Form Handler -->
-    <script>
-        document.getElementById('aboutContactForm').addEventListener('submit', function(e) {
-            e.preventDefault();
-
-            const name = document.getElementById('contactName').value;
-            const email = document.getElementById('contactEmail').value;
-            const reason = document.getElementById('contactReason').value;
-            const source = document.getElementById('contactSource').value;
-            const subject = document.getElementById('contactSubject').value;
-            const message = document.getElementById('contactMessage').value;
-
-            // Build mailto URL
-            const recipient = 'unityailabcontact@gmail.com';
-            const mailtoSubject = `[${reason}] ${subject}`;
-            const mailtoBody = `Name: ${name}\nEmail: ${email}\nReason for Contact: ${reason}\nHow they heard about us: ${source}\n\nMessage:\n${message}`;
-
-            const mailtoURL = `mailto:${recipient}?subject=${encodeURIComponent(mailtoSubject)}&body=${encodeURIComponent(mailtoBody)}`;
-
-            // Open mailto link
-            window.location.href = mailtoURL;
-        });
-    </script>
+    <script src="about-contact.js"></script>
 
-    <!-- Remove FOUC class when page loads -->
-    <script>
-        window.addEventListener('load', function() {
-            document.body.classList.add('loaded');
-        });
-    </script>
+    <!-- Page Initialization -->
+    <script src="../page-init.js"></script>
 </body>
 </html>

ai/ai-init.js

@@ -0,0 +1,46 @@
+/**
+ * ai-init.js - AI page initialization and visitor tracking
+ */
+
+// Load and auto-refresh visitor count for demo page
+document.addEventListener('DOMContentLoaded', function() {
+    var countElement = document.getElementById('visitorCount');
+    if (!countElement || typeof VisitorTracking === 'undefined') {
+        return;
+    }
+
+    var currentCount = null;
+
+    // Function to fetch and update visitor count
+    async function updateVisitorCount() {
+        try {
+            var count = await VisitorTracking.getVisitorCount('demo');
+            if (count !== null) {
+                // Only update if count has changed or is first load
+                if (currentCount !== count) {
+                    countElement.textContent = count;
+                    currentCount = count;
+                    console.log('Visitor count updated:', count);
+                }
+            } else {
+                if (currentCount === null) {
+                    countElement.textContent = '0';
+                    currentCount = '0';
+                }
+            }
+        } catch (error) {
+            console.error('Failed to load visitor count:', error);
+            if (currentCount === null) {
+                countElement.textContent = '0';
+                currentCount = '0';
+            }
+        }
+    }
+
+    // Initial load
+    updateVisitorCount();
+
+    // Auto-refresh every 5 minutes (300,000 ms)
+    setInterval(updateVisitorCount, 300000);
+    console.log('Visitor count auto-refresh enabled (every 5 minutes)');
+});

ai/demo/index.html

@@ -2,7 +2,6 @@
 <html lang="en">
 <head>
     <meta charset="UTF-8">
-    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: blob: https://image.pollinations.ai https://*.gravatar.com https://avatars.githubusercontent.com; connect-src 'self' https://text.pollinations.ai https://image.pollinations.ai https://users.unityailab.com https://api.github.com; frame-ancestors 'none';">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width, initial-scale=1.0, viewport-fit=cover">
 

ai/index.html

@@ -3,7 +3,6 @@
 <head>
     <!-- Meta Tags for Cross-Browser Compatibility -->
     <meta charset="UTF-8">
-    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: blob: https://image.pollinations.ai https://*.gravatar.com https://avatars.githubusercontent.com; connect-src 'self' https://text.pollinations.ai https://image.pollinations.ai https://users.unityailab.com https://api.github.com; frame-ancestors 'none';">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, user-scalable=yes, viewport-fit=cover">
 
@@ -537,54 +536,10 @@ <h6 class="footer-title">Connect</h6>
     <!-- Visitor Tracking System -->
     <script src="../visitor-tracking.js"></script>
 
-    <!-- Remove FOUC class when page loads -->
-    <script>
-        window.addEventListener('load', function() {
-            document.body.classList.add('loaded');
-        });
-
-        // Load and auto-refresh visitor count for demo page
-        document.addEventListener('DOMContentLoaded', function() {
-            const countElement = document.getElementById('visitorCount');
-            if (!countElement || typeof VisitorTracking === 'undefined') {
-                return;
-            }
-
-            let currentCount = null;
-
-            // Function to fetch and update visitor count
-            async function updateVisitorCount() {
-                try {
-                    const count = await VisitorTracking.getVisitorCount('demo');
-                    if (count !== null) {
-                        // Only update if count has changed or is first load
-                        if (currentCount !== count) {
-                            countElement.textContent = count;
-                            currentCount = count;
-                            console.log('Visitor count updated:', count);
-                        }
-                    } else {
-                        if (currentCount === null) {
-                            countElement.textContent = '0';
-                            currentCount = '0';
-                        }
-                    }
-                } catch (error) {
-                    console.error('Failed to load visitor count:', error);
-                    if (currentCount === null) {
-                        countElement.textContent = '0';
-                        currentCount = '0';
-                    }
-                }
-            }
+    <!-- AI Page Initialization -->
+    <script src="ai-init.js"></script>
 
-            // Initial load
-            updateVisitorCount();
-
-            // Auto-refresh every 5 minutes (300,000 ms)
-            setInterval(updateVisitorCount, 300000);
-            console.log('Visitor count auto-refresh enabled (every 5 minutes)');
-        });
-    </script>
+    <!-- Page Initialization -->
+    <script src="../page-init.js"></script>
 </body>
 </html>

apps/apps-init.js

@@ -0,0 +1,20 @@
+/**
+ * apps-init.js - Apps page initialization
+ */
+
+// Initialize AOS
+AOS.init({
+    duration: 800,
+    once: true,
+    offset: 100
+});
+
+// Navbar scroll effect
+window.addEventListener('scroll', function() {
+    const navbar = document.querySelector('.navbar');
+    if (window.scrollY > 50) {
+        navbar.classList.add('scrolled');
+    } else {
+        navbar.classList.remove('scrolled');
+    }
+});

apps/index.html

@@ -3,7 +3,6 @@
 <head>
     <!-- Meta Tags for Cross-Browser Compatibility -->
     <meta charset="UTF-8">
-    <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com https://unpkg.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://unpkg.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: blob: https://image.pollinations.ai https://*.gravatar.com https://avatars.githubusercontent.com; connect-src 'self' https://text.pollinations.ai https://image.pollinations.ai https://users.unityailab.com https://api.github.com; frame-ancestors 'none';">
     <meta http-equiv="X-UA-Compatible" content="IE=edge">
     <meta name="viewport" content="width=device-width, initial-scale=1.0, maximum-scale=5.0, user-scalable=yes, viewport-fit=cover">
 
@@ -293,30 +292,10 @@ <h6 class="footer-title">Connect</h6>
     <!-- Custom JavaScript -->
     <script src="../script.js"></script>
 
-    <script>
-        // Initialize AOS
-        AOS.init({
-            duration: 800,
-            once: true,
-            offset: 100
-        });
-
-        // Navbar scroll effect
-        window.addEventListener('scroll', function() {
-            const navbar = document.querySelector('.navbar');
-            if (window.scrollY > 50) {
-                navbar.classList.add('scrolled');
-            } else {
-                navbar.classList.remove('scrolled');
-            }
-        });
-    </script>
-
-    <!-- Remove FOUC class when page loads -->
-    <script>
-        window.addEventListener('load', function() {
-            document.body.classList.add('loaded');
-        });
-    </script>
+    <!-- Apps Page Initialization -->
+    <script src="apps-init.js"></script>
+
+    <!-- Page Initialization -->
+    <script src="../page-init.js"></script>
 </body>
 </html>

apps/oldSiteProject/index.html

@@ -3,7 +3,6 @@
 <head>
   <meta charset="UTF-8">
   <meta name="viewport" content="width=device-width, initial-scale=1.0">
-  <meta http-equiv="Content-Security-Policy" content="default-src 'self'; script-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://cdnjs.cloudflare.com; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdnjs.cloudflare.com; font-src 'self' https://fonts.gstatic.com; img-src 'self' data: blob: https://image.pollinations.ai https://*.gravatar.com https://avatars.githubusercontent.com; connect-src 'self' https://text.pollinations.ai https://image.pollinations.ai https://users.unityailab.com https://api.github.com; frame-ancestors 'none';">
   <title>Legacy Unity Chat - Unity AI Lab</title>
 
   <!-- Bootstrap CSS -->

contact/contact-form.js

@@ -0,0 +1,65 @@
+/**
+ * contact-form.js - Main contact page form handler
+ */
+
+document.getElementById('mainContactForm').addEventListener('submit', async function(e) {
+    e.preventDefault();
+
+    var submitBtn = document.querySelector('#mainContactForm button[type="submit"]');
+    var originalBtnText = submitBtn.textContent;
+
+    // Disable button and show loading state
+    submitBtn.disabled = true;
+    submitBtn.textContent = 'Sending...';
+
+    var formData = {
+        name: document.getElementById('contactName').value,
+        email: document.getElementById('contactEmail').value,
+        type: document.getElementById('contactType').value,
+        service: document.getElementById('contactService').value,
+        source: document.getElementById('contactSource').value,
+        urgency: document.getElementById('contactUrgency').value,
+        subject: document.getElementById('contactSubject').value,
+        message: document.getElementById('contactMessage').value
+    };
+
+    try {
+        var response = await fetch('https://contact.unityailab.com/api/contact', {
+            method: 'POST',
+            headers: {
+                'Content-Type': 'application/json'
+            },
+            body: JSON.stringify(formData)
+        });
+
+        var result = await response.json();
+
+        if (response.ok && result.success) {
+            // Success - show message and reset form
+            alert('Thank you! Your message has been sent successfully. We\'ll get back to you soon.');
+            document.getElementById('mainContactForm').reset();
+        } else {
+            // API error
+            alert(result.error || 'Failed to send message. Please try again.');
+        }
+    } catch (error) {
+        console.error('Contact form error:', error);
+        // Network error - fall back to mailto
+        var recipient = 'unityailabcontact@gmail.com';
+        var mailtoSubject = '[' + formData.type + '] ' + formData.subject;
+        var mailtoBody = 'Name: ' + formData.name + '\nEmail: ' + formData.email + '\nType of Inquiry: ' + formData.type + '\n';
+        if (formData.service && formData.service !== 'Not Applicable') {
+            mailtoBody += 'Service of Interest: ' + formData.service + '\n';
+        }
+        mailtoBody += 'How they heard about us: ' + formData.source + '\nPriority Level: ' + formData.urgency + '\n\nMessage:\n' + formData.message;
+        var mailtoURL = 'mailto:' + recipient + '?subject=' + encodeURIComponent(mailtoSubject) + '&body=' + encodeURIComponent(mailtoBody);
+
+        if (confirm('Could not connect to server. Would you like to send via email instead?')) {
+            window.location.href = mailtoURL;
+        }
+    } finally {
+        // Re-enable button
+        submitBtn.disabled = false;
+        submitBtn.textContent = originalBtnText;
+    }
+});