The first two posts on this site were hand-written as individual TanStack Start routes. Fine for a quick start, but not scalable. Since I plan to share more web development tips and experiments, I needed a more flexible setup. At the same time, this is a hobby project, and I didn’t want to sink hours into building a full-fledged blogging platform. All I wanted was a simple way to write posts in Markdown and render them dynamically on my site. Here’s the approach I took.

It feels like just about every new website these days uses Tailwind CSS, and this one’s no exception. I wanted a quick way to make my articles more readable (larger text, better spacing, and so on), and it turns out Tailwind has a built-in Typography plugin. Perfect. However, I did run into one issue worth discussing.

The buzz around TanStack Start has really taken off since its recent RC release. I’ve been using it for a while (this very site runs on it!), and the latest version brings tons of improvements. One area that’s still a bit under-documented is how to configure a solid Content Security Policy (CSP) to mitigate security threats. The good news: with TanStack Start’s new middleware support, setting up CSP is now straightforward. In this post, I’ll walk through the approach I’ve been using.