Bug: Non-JS social scrapers see landing-page OG/Twitter meta for every deep-linked URL
Severity: high
Found by: Phase triage — out-of-scope finding #2
Location: client/index.html:12-22 + client/src/components/SEOHead.tsx
Resolved in PR #447 (merged 2026-04-17).
New server-side crawler-UA middleware (server/crawlerMeta.ts + shared/pageMetadata.ts) rewrites index.html <head> for known bot UAs (Facebook, X, Slack, LinkedIn, Discord, Google, Bing, etc.) with per-route title/description/canonical/og/twitter tags. Hooked into both the prod static handler and dev Vite middleware. baseUrl is pinned to getAppUrl() (no Host-header reflection) to prevent SEO poisoning. Unknown paths inject <meta name="robots" content="noindex"> to prevent soft-404 indexation.
Bug: Non-JS social scrapers see landing-page OG/Twitter meta for every deep-linked URL
Severity: high
Found by: Phase triage — out-of-scope finding #2
Location:
client/index.html:12-22+client/src/components/SEOHead.tsxResolved in PR #447 (merged 2026-04-17).
New server-side crawler-UA middleware (
server/crawlerMeta.ts+shared/pageMetadata.ts) rewritesindex.html<head>for known bot UAs (Facebook, X, Slack, LinkedIn, Discord, Google, Bing, etc.) with per-route title/description/canonical/og/twitter tags. Hooked into both the prod static handler and dev Vite middleware.baseUrlis pinned togetAppUrl()(no Host-header reflection) to prevent SEO poisoning. Unknown paths inject<meta name="robots" content="noindex">to prevent soft-404 indexation.