From d1d879306ac2234ce1fb11eb8df89a4b7d91a581 Mon Sep 17 00:00:00 2001
From: Tony Yang
Date: Wed, 16 Apr 2025 16:35:42 +0800
Subject: [PATCH] feat: security http headers
---
 _headers | 5 +++++
 vite.config.js | 4 ++++
 2 files changed, 9 insertions(+)
 create mode 100644 _headers
diff --git a/_headers b/_headers
new file mode 100644
index 0000000..99daad7
--- /dev/null
+++ b/_headers
@@ -0,0 +1,5 @@
+/*
+ Content-Security-Policy: default-src 'self'; script-src 'self' https://cdnjs.cloudflare.com/ajax/libs/tocas/ https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://www.gstatic.com/recaptcha/ https://challenges.cloudflare.com; style-src 'self' https://cdnjs.cloudflare.com/ajax/libs/tocas/ https://hcaptcha.com https://*.hcaptcha.com 'unsafe-inline'; img-src 'self' blob: https://pub-e115c4e749734702abd09206cba74257.r2.dev/; font-src https://cdnjs.cloudflare.com/ajax/libs/tocas/; frame-src https://hcaptcha.com https://*.hcaptcha.com https://www.google.com/recaptcha/ https://recaptcha.google.com/recaptcha/ https://challenges.cloudflare.com; connect-src 'self' https://hcaptcha.com https://*.hcaptcha.com;
+ X-Frame-Options: DENY
+ X-Content-Type-Options: nosniff
+ X-Robots-Tag: noindex
\ No newline at end of file
diff --git a/vite.config.js b/vite.config.js
index 5da5f83..09c4e1b 100644
--- a/vite.config.js
+++ b/vite.config.js
@@ -11,6 +11,10 @@ export default defineConfig({
 {
 src: 'functions',
 dest: '.',
+ },
+ {
+ src: '_headers',
+ dest: '.',
 }
 ]
 })
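Review bot: The Content-Security-Policy line in the new `_headers` file omits the directives that do not inherit from `default-src`, so `base-uri`, `form-action` and `frame-ancestors` are left unrestricted by the policy, and `object-src` is only as tight as `'self'`. I would append `object-src 'none'; base-uri 'self'; form-action 'self'; frame-ancestors 'none';` to the end of that line, adjusting `form-action` if the site submits forms to another origin. Keeping `X-Frame-Options: DENY` alongside `frame-ancestors 'none'` is fine, since the header still covers browsers that ignore the CSP directive. It is also worth confirming that `'unsafe-inline'` in `style-src` is really required by the captcha widgets or the Tocas stylesheet, because it removes the policy's protection against injected styles.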
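Review bot: Responses generated from the `functions` directory, copied just above the new `_headers` target in `vite.config.js`, may not receive any of these headers. If this site deploys to Cloudflare Pages (the `_headers` file and the `functions` directory suggest so, but the diff does not confirm it), `_headers` rules are applied to static assets only, so any HTML or JSON a Function returns needs the same headers set on its own response. A short comment on the new entry would record that dependency, for example `// _headers must land in the output root; responses from functions/ need the headers set in code`. The enclosing plugin call starts and ends outside the hunk, so the copy destination is assumed to be the build output root.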