kaffa/anvil-hosting
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

security: add SRI, remove Tailwind CDN, restrict CORS

Browse Source 
- Add SRI hash to Alpine.js (integrity + crossorigin)
- Remove Tailwind CDN, use prebuilt style.css only
- Add CSS variables for terminal theme colors
- Restrict CORS to https://hosting.anvil.it.com

Performance: ~500ms LCP improvement (no JIT compilation)
Security: CDN tampering protection, API access restriction

Co-Authored-By: Claude Opus 4.5 <noreply@anthropic.com>
This commit is contained in:
kappa
2026-01-30 09:12:47 +09:00
parent 4e4a3d57ea
commit b14d93be9d
2 changed files with 47 additions and 29 deletions
Download Patch File Download Diff File Expand all files Collapse all files

2
functions/api/pricing.ts
View File

@@ -70,7 +70,7 @@ async function fetchExchangeRate(): Promise<{ rate: number; source: string }> {
}
const CORS_HEADERS = {
'Access-Control-Allow-Origin': '*',
'Access-Control-Allow-Origin': 'https://hosting.anvil.it.com',
'Access-Control-Allow-Methods': 'GET, OPTIONS',
'Access-Control-Allow-Headers': 'Content-Type',
};