From f8ad1a918f62f2b8a0864074dad99cecbf6267b4 Mon Sep 17 00:00:00 2001 From: Karn Date: Sat, 2 May 2026 02:54:41 +0530 Subject: [PATCH] feat(deploy): add Cloudflare Pages _headers for iframe embedding Lets karnstack.com embed /preview/* template previews via iframe by shipping CSP frame-ancestors plus a legacy X-Frame-Options fallback. Also caps /templates.json caching at 60s so new templates surface on the landing page without waiting on CDN expiry. Co-Authored-By: Claude Opus 4.7 (1M context) --- public/_headers | 14 ++++++++++++++ 1 file changed, 14 insertions(+) create mode 100644 public/_headers diff --git a/public/_headers b/public/_headers new file mode 100644 index 0000000..b268533 --- /dev/null +++ b/public/_headers @@ -0,0 +1,14 @@ +# Cloudflare Pages headers config. +# https://developers.cloudflare.com/pages/configuration/headers/ + +# Allow karnstack.com (and subdomains) to embed template previews via iframe. +# CSP frame-ancestors is the modern, browser-respected directive. X-Frame-Options +# ALLOW-FROM is shipped alongside for legacy compatibility; modern browsers ignore it. +/preview/* + Content-Security-Policy: frame-ancestors 'self' https://karnstack.com https://*.karnstack.com + X-Frame-Options: ALLOW-FROM https://karnstack.com + +# Templates manifest is read by the karnstack landing page. Short cache so newly +# added templates show up within a minute. +/templates.json + Cache-Control: public, max-age=60