diff --git a/public/_headers b/public/_headers new file mode 100644 index 0000000..b268533 --- /dev/null +++ b/public/_headers @@ -0,0 +1,14 @@ +# Cloudflare Pages headers config. +# https://developers.cloudflare.com/pages/configuration/headers/ + +# Allow karnstack.com (and subdomains) to embed template previews via iframe. +# CSP frame-ancestors is the modern, browser-respected directive. X-Frame-Options +# ALLOW-FROM is shipped alongside for legacy compatibility; modern browsers ignore it. +/preview/* + Content-Security-Policy: frame-ancestors 'self' https://karnstack.com https://*.karnstack.com + X-Frame-Options: ALLOW-FROM https://karnstack.com + +# Templates manifest is read by the karnstack landing page. Short cache so newly +# added templates show up within a minute. +/templates.json + Cache-Control: public, max-age=60