feat: Enhance security headers and text rendering

Adds comprehensive security headers via Vercel configuration to protect against common web vulnerabilities. Improves text rendering consistency across browsers with `text-size-adjust` and font smoothing properties.
2025-12-09 09:34:48 +01:00
parent 3627e5b4fd
commit cc3b55b010
2 changed files with 51 additions and 4 deletions
--- a/index.html
+++ b/index.html
@@ -67,8 +67,13 @@
      };
    </script>
    <style>
+      html {
+        text-size-adjust: 100%;
+        -webkit-text-size-adjust: 100%;
+      }
      body {
        -webkit-font-smoothing: antialiased;
+        -moz-osx-font-smoothing: grayscale;
        background-color: #f2f2f2;
        color: #333;
      }
@@ -92,16 +97,16 @@
        text-shadow: 0 -1px 0 rgba(0,0,0,0.6);
      }
    </style>
-  <script type="importmap">
+<script type="importmap">
 {
  "imports": {
    "react": "https://aistudiocdn.com/react@^19.2.1",
    "react-dom/": "https://aistudiocdn.com/react-dom@^19.2.1/",
    "react/": "https://aistudiocdn.com/react@^19.2.1/",
-    "@vitejs/plugin-react": "https://aistudiocdn.com/@vitejs/plugin-react@^5.1.2",
-    "vite": "https://aistudiocdn.com/vite@^7.2.7",
    "lucide-react": "https://aistudiocdn.com/lucide-react@^0.556.0",
-    "framer-motion": "https://aistudiocdn.com/framer-motion@^12.23.25"
+    "framer-motion": "https://aistudiocdn.com/framer-motion@^12.23.25",
+    "vite": "https://aistudiocdn.com/vite@^7.2.7",
+    "@vitejs/plugin-react": "https://aistudiocdn.com/@vitejs/plugin-react@^5.1.2"
  }
 }
 </script>
--- a/vercel.json
+++ b/vercel.json
@@ -0,0 +1,42 @@
+{
+  "headers": [
+    {
+      "source": "/(.*)",
+      "headers": [
+        {
+          "key": "X-Content-Type-Options",
+          "value": "nosniff"
+        },
+        {
+          "key": "X-Frame-Options",
+          "value": "DENY"
+        },
+        {
+          "key": "Content-Security-Policy",
+          "value": "frame-ancestors 'none'"
+        },
+        {
+          "key": "Strict-Transport-Security",
+          "value": "max-age=63072000; includeSubDomains; preload"
+        },
+        {
+          "key": "X-XSS-Protection",
+          "value": "1; mode=block"
+        },
+        {
+          "key": "Content-Type",
+          "value": "text/html; charset=utf-8"
+        }
+      ]
+    },
+    {
+      "source": "/assets/(.*)",
+      "headers": [
+        {
+          "key": "Cache-Control",
+          "value": "public, max-age=31536000, immutable"
+        }
+      ]
+    }
+  ]
+}