Security design
SalaamApp is a static start page. It does not proxy, embed or imitate third-party websites.
Protections
- Content Security Policy restricts scripts, frames, forms and network connections.
- Clickjacking, MIME sniffing and referrer protections are configured at the host level.
- Public application links must use HTTPS and open with
noopenerandnoreferrer. - Administrator permissions are enforced by Supabase Row Level Security, not only by the interface.
- The public page does not contain an administrator password form.
Report a concern
Use the project owner's official contact channel and include the affected URL, date, browser and a clear description. Do not send passwords, private keys or sensitive personal data.
