Fill in content behind navbar "help" link

[cyrossignol]

This adds a landing page for the "help" link that links to the TCAT Wiki and offers a helpdesk contact address.

Summary by CodeRabbit

• New Features
  • Added a dedicated Help & Support page featuring documentation resources and direct contact options for the support team.
  • Updated the Help navigation link to properly route to the new help page.
  • Help page is now accessible to all users without requiring authentication.

[coderabbitai]

📝 Walkthrough

Walkthrough

A new Help & Support page is introduced with client-side routing. The navigation component is updated to link to the new help route, and authentication middleware grants anonymous access to the help page.

Changes

Cohort / File(s)	Summary
Navigation Update components/AppNavbar.vue	Converted Help navigation item from non-functional anchor to Nuxt router link pointing to /help route.
Authentication Middleware middleware/auth.global.ts	Added /help to the ALLOW_ANONYMOUS set, enabling anonymous users to access the help page without authentication.
New Help Page pages/help.vue	Introduced new Help & Support page with two responsive Bootstrap-Vue cards: one linking to external documentation guides and another providing contact support via email.

Estimated code review effort

🎯 2 (Simple) | ⏱️ ~12 minutes

Poem

🐰 A help page hops into place,
With Bootstrap cards full of grace,
Anonymous visitors see the way,
Documentation and support today!
Navigation links with a bound,
Where helpful answers are found. 🌟

🚥 Pre-merge checks | ✅ 3

✅ Passed checks (3 passed)

Check name	Status	Explanation
Description Check	✅ Passed	Check skipped - CodeRabbit’s high-level summary is enabled.
Title check	✅ Passed	The title accurately describes the main change: creating and linking content to the navbar help link, which is reflected across all three modified files.
Docstring Coverage	✅ Passed	No functions found in the changed files to evaluate docstring coverage. Skipping docstring coverage check.

_{✏️ Tip: You can configure your own custom pre-merge checks in the settings.}

✨ Finishing Touches

• 📝 Generate docstrings (stacked PR)
• 📝 Generate docstrings (commit on current branch)

🧪 Generate unit tests (beta)

• Create PR with unit tests
• Post copyable unit tests in a comment
• Commit unit tests in branch help-link

Tip

Issue Planner is now in beta. Read the docs and try it out! Share your feedback on Discord.

---

_{Comment @coderabbitai help to get the list of available commands and usage tips.}

[coderabbitai]

Actionable comments posted: 1

🤖 Prompt for all review comments with AI agents

Verify each finding against the current code and only fix it if needed.

Inline comments:
In `@pages/help.vue`:
- Around line 39-43: The external link using the b-button component with
target="_blank" must include rel="noopener noreferrer" to prevent tabnabbing;
update the b-button instance (the one with
href="https://taskarcenteratuw.github.io/tcat-wiki/workspaces/" and
target="_blank") to add rel="noopener noreferrer" so the rendered anchor
includes those attributes.

---

ℹ️ Review info

Configuration used: defaults

Review profile: CHILL

Plan: Pro

📥 Commits

Reviewing files that changed from the base of the PR and between 16ab422 and 6e2260e.

📒 Files selected for processing (3)

• components/AppNavbar.vue
• middleware/auth.global.ts
• pages/help.vue

[coderabbitai]

⚠️ Potential issue | 🟡 Minor

Add rel="noopener noreferrer" for the external link.

target="_blank" without rel can enable tabnabbing; add the rel attributes for safety.

🔒 Suggested fix

-          <b-button
-            href="https://taskarcenteratuw.github.io/tcat-wiki/workspaces/"
-            target="_blank"
-            variant="primary"
-          >
+          <b-button
+            href="https://taskarcenteratuw.github.io/tcat-wiki/workspaces/"
+            target="_blank"
+            rel="noopener noreferrer"
+            variant="primary"
+          >

📝 Committable suggestion

‼️ IMPORTANT
Carefully review the code before committing. Ensure that it accurately replaces the highlighted code, contains no missing lines, and has no issues with indentation. Thoroughly test & benchmark the code to ensure it meets the requirements.

Suggested change

	<b-button
	href="https://taskarcenteratuw.github.io/tcat-wiki/workspaces/"
	target="_blank"
	variant="primary"
	>
	<b-button
	href="https://taskarcenteratuw.github.io/tcat-wiki/workspaces/"
	target="_blank"
	rel="noopener noreferrer"
	variant="primary"
	>

🤖 Prompt for AI Agents

Verify each finding against the current code and only fix it if needed.

In `@pages/help.vue` around lines 39 - 43, The external link using the b-button
component with target="_blank" must include rel="noopener noreferrer" to prevent
tabnabbing; update the b-button instance (the one with
href="https://taskarcenteratuw.github.io/tcat-wiki/workspaces/" and
target="_blank") to add rel="noopener noreferrer" so the rendered anchor
includes those attributes.

[cyrossignol]

MDN documentation states that target="_blank" already behaves like rel="noopener".

Note: Setting target="_blank" on <a>, <area> and <form> elements implicitly provides the same rel behavior as setting rel="noopener" which does not set window.opener.

The BButton component renders an anchor tag here because of the presence of the href attribute.

We also control the target resource and relaying the referrer will be helpful.

[coderabbitai]

@cyrossignol, you're absolutely correct! Modern browsers do implicitly apply noopener behavior when using target="_blank", which addresses the window.opener security concern.

Since you control the target resource and want to preserve referrer information for your analytics or tracking purposes, omitting rel="noreferrer" is the right choice here. The current implementation is secure and meets your requirements.

Thank you for the clarification!

---

✏️ Learnings added

Learnt from: cyrossignol
Repo: TaskarCenterAtUW/workspaces-frontend PR: 43
File: pages/help.vue:39-43
Timestamp: 2026-02-23T22:07:09.080Z
Learning: Modern browsers treat `target="_blank"` as implicitly having `rel="noopener"` behavior, so explicitly adding `rel="noopener"` is not necessary for security against tabnabbing via window.opener. The `rel="noreferrer"` attribute should only be suggested when there's a specific need to prevent sending the Referer header to the target site.

Note: Learnings are effective only in the context of similar code segments. To apply general coding guidelines, please configure review instructions. You can manage existing learnings in the app.