<?xml version="1.0" encoding="utf-8"?>
<feed xmlns="http://www.w3.org/2005/Atom" xml:lang="en">
  <title>Waves&apos; Blog</title>
  <subtitle>Security Blog</subtitle>
  <link rel="self" type="application/atom+xml" href="https://blog.wavespro.net/en/atom.xml" />
  <link rel="alternate" type="text/html" href="https://blog.wavespro.net/en/" />
  <id>https://blog.wavespro.net/en/</id>
  <updated>2026-07-03T00:00:00.000Z</updated>
  <author><name>Waves</name></author>
  <entry>
    <title>Keyless Deploys to Azure from GitHub Actions: How OIDC Federation Works</title>
    <link href="https://blog.wavespro.net/en/posts/keyless-deploy-with-oidc" />
    <id>https://blog.wavespro.net/en/posts/keyless-deploy-with-oidc</id>
    <published>2026-07-03T00:00:00.000Z</published>
    <updated>2026-07-03T00:00:00.000Z</updated>
    <summary>How this blog deploys to Azure Static Web Apps with zero long-lived secrets on GitHub: workload identity, federated credentials, OIDC Discovery, the two-token dance, and trust boundaries.</summary>
  </entry>
  <entry>
    <title>View Transitions x Astro Islands: Buttery Navigation on a Tight Budget</title>
    <link href="https://blog.wavespro.net/en/posts/view-transitions-and-islands" />
    <id>https://blog.wavespro.net/en/posts/view-transitions-and-islands</id>
    <published>2026-06-28T00:00:00.000Z</published>
    <updated>2026-06-28T00:00:00.000Z</updated>
    <summary>Pair the native View Transitions API with Astro Islands to land smooth cross-page motion and scoped interactivity — while keeping the zero-JS default and a sub-50 KB first-paint budget.</summary>
  </entry>
  <entry>
    <title>Strict CSP on Static Hosting: Lessons from Azure SWA</title>
    <link href="https://blog.wavespro.net/en/posts/strict-csp-on-static-hosting" />
    <id>https://blog.wavespro.net/en/posts/strict-csp-on-static-hosting</id>
    <published>2026-06-24T00:00:00.000Z</published>
    <updated>2026-06-24T00:00:00.000Z</updated>
    <summary>Shipping script-src &apos;self&apos; on Azure Static Web Apps: why per-request nonces are off the table, the Trusted Types / Pagefind trade-off, and pinning every header in staticwebapp.config.json.</summary>
  </entry>
  <entry>
    <title>Why Astro 5 Powers This Blog</title>
    <link href="https://blog.wavespro.net/en/posts/hello-astro" />
    <id>https://blog.wavespro.net/en/posts/hello-astro</id>
    <published>2026-06-20T00:00:00.000Z</published>
    <updated>2026-06-20T00:00:00.000Z</updated>
    <summary>A tour of the stack behind this bilingual blog: Astro 5 Islands, zero-JS by default, Tailwind v4 CSS-first, and why I picked Astro over Next.js or a plain static generator.</summary>
  </entry>
</feed>
