
feat(deploy): Cloudflare Pages _headers for iframe embedding #3

Merged
karngyan merged 1 commit into main from feat/deploy-headers
May 1, 2026

@karngyan karngyan commented May 1, 2026

Contributor

Summary

  • Adds public/_headers so the Cloudflare Pages deploy ships Content-Security-Policy: frame-ancestors for /preview/*, letting karnstack.com (and subdomains) embed template previews via iframe.
  • Includes a legacy X-Frame-Options: ALLOW-FROM line for older browsers — modern browsers ignore it and rely on CSP.
  • Caches /templates.json for 60s so the karnstack landing page's manifest fetch picks up newly added templates within a minute.

Unblocks Phase 1 of docs/superpowers/plans/2026-05-01-resumex-deploy-and-landing.md (Task 4). Everything else in Phase 1 is Cloudflare dashboard work.

Test plan

  • pnpm build — confirmed dist/_headers is emitted with the right content
  • After deploy: curl -I https://resumex.karnstack.com/preview/minimal-mono shows the Content-Security-Policy: frame-ancestors ... header
  • After deploy: curl -I https://resumex.karnstack.com/templates.json shows Cache-Control: public, max-age=60
  • After deploy: iframe https://resumex.karnstack.com/preview/<id> from a karnstack.com origin loads without "refused to display in frame" errors

🤖 Generated with Claude Code

Lets karnstack.com embed /preview/* template previews via iframe by
shipping CSP frame-ancestors plus a legacy X-Frame-Options fallback.
Also caps /templates.json caching at 60s so new templates surface on
the landing page without waiting on CDN expiry.

Co-Authored-By: Claude Opus 4.7 (1M context) <noreply@anthropic.com>
@karngyan karngyan merged commit 30c006f into main May 1, 2026
1 check passed
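
The frame-ancestors behaviour this PR relies on, as an added example that is not part of the PR or the repository: a small evaluator of which origins may frame a /preview/* page. The header values are constructed (the PR page does not show the contents of public/_headers), and `frameAncestors`, `sourceMatches` and `mayEmbed` are hypothetical names.

```javascript
// Added example. Header values are constructed samples, not the contents of public/_headers.
const SAMPLE_HEADERS = {
  "content-security-policy":
    "frame-ancestors 'self' https://karnstack.com https://*.karnstack.com",
  "x-frame-options": "ALLOW-FROM https://karnstack.com",
};
const DEFAULT_PORT = { "http:": "80", "https:": "443" };

// Return the frame-ancestors source list, or null when the directive is absent.
function frameAncestors(csp) {
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

// Match one source expression against an ancestor URL (scheme, host, port).
// Forms this sketch does not parse (scheme-only, paths) fail closed.
function sourceMatches(source, ancestor, page) {
  if (source === "'self'") return ancestor.origin === page.origin;
  if (source === "*") return true;
  const m = /^(?:([a-z][a-z0-9+.-]*):\/\/)?(\*\.)?([a-z0-9.-]+)(?::(\d+|\*))?$/i.exec(source);
  if (!m) return false; // also rejects 'none' and other quoted keywords
  const [, scheme, wildcard, host, port] = m;
  // Simplification: a source without a scheme must use the page's own scheme.
  const wantScheme = scheme ? scheme.toLowerCase() + ":" : page.protocol;
  if (ancestor.protocol !== wantScheme) return false;
  const wantPort = port === undefined ? DEFAULT_PORT[wantScheme] : port;
  if (wantPort !== "*" && wantPort !== (ancestor.port || DEFAULT_PORT[ancestor.protocol])) return false;
  const have = ancestor.hostname.toLowerCase(), want = host.toLowerCase();
  // "*.example.com" covers subdomains only, never the bare "example.com".
  return wildcard ? have.endsWith("." + want) : have === want;
}

// Decide whether ancestorUrl may frame the page at pageUrl given its headers.
function mayEmbed(headers, ancestorUrl, pageUrl) {
  const ancestor = new URL(ancestorUrl), page = new URL(pageUrl);
  const sources = frameAncestors(headers["content-security-policy"]);
  if (sources !== null) return sources.some((s) => sourceMatches(s, ancestor, page));
  // No frame-ancestors: X-Frame-Options decides. Modern browsers ignore
  // ALLOW-FROM, so only DENY and SAMEORIGIN restrict framing.
  const xfo = (headers["x-frame-options"] || "").trim().toUpperCase();
  if (xfo === "DENY") return false;
  if (xfo === "SAMEORIGIN") return ancestor.origin === page.origin;
  return true;
}
```

A browser applies this check to every ancestor in the frame chain; the sketch evaluates one origin at a time. With the CSP header missing, the ALLOW-FROM line alone leaves the page frameable from any origin in a modern browser.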