feat: scaffold Astro + Tailwind project

node_modules/astro/dist/vite-plugin-astro-server/sec-fetch.d.ts

@@ -0,0 +1,21 @@
+import type { RemotePattern } from '@astrojs/internal-helpers/remote';
+import type * as vite from 'vite';
+import type { AstroLogger } from '../core/logger/core.js';
+/**
+ * Middleware that validates Sec-Fetch metadata headers on incoming requests
+ * to block cross-origin subresource requests (e.g. `<script>` tags from
+ * another origin loading dev server modules).
+ *
+ * Navigation requests (`Sec-Fetch-Mode: navigate`) are always allowed through
+ * because browsers enforce their own security model for top-level navigations.
+ *
+ * Requests without `Sec-Fetch-Site` (e.g. from non-browser clients like curl,
+ * or older browsers that don't send Fetch Metadata) are also allowed through
+ * to avoid breaking legitimate development workflows.
+ *
+ * When `security.allowedDomains` is configured, requests whose `Origin` header
+ * matches one of the allowed patterns are also permitted. This supports proxied
+ * dev server setups (e.g. ngrok, Cloudflare Tunnel) where the browser sees a
+ * different origin than the dev server itself.
+ */
+export declare function secFetchMiddleware(logger: AstroLogger, allowedDomains?: Partial<RemotePattern>[]): vite.Connect.NextHandleFunction;