mirror of
https://github.com/koala73/worldmonitor.git
synced 2026-04-25 17:14:57 +02:00
83cc35f1d6
Vercel routes dynamic [domain] segments BEFORE specific directory names, so api/[domain]/v1/[rpc].ts was catching every request meant for api/intelligence/v1/[rpc].ts, api/economic/v1/[rpc].ts, etc. and returning 404. Delete the catch-all so requests reach the real handlers. Also: add missing CSP script hash, add list-iran-events cache tier, and update route-cache-tier test to read from server/gateway.ts.
62 lines
3.1 KiB
JSON
62 lines
3.1 KiB
JSON
{
|
|
"ignoreCommand": "if [ -z \"$VERCEL_GIT_PREVIOUS_SHA\" ]; then exit 1; fi; git cat-file -e $VERCEL_GIT_PREVIOUS_SHA 2>/dev/null || exit 1; git diff --quiet $VERCEL_GIT_PREVIOUS_SHA HEAD -- ':!*.md' ':!.planning' ':!docs/' ':!e2e/' ':!scripts/' ':!.github/'",
|
|
"crons": [
|
|
{ "path": "/api/cron/warm-aviation-cache", "schedule": "0 */2 * * *" }
|
|
],
|
|
"headers": [
|
|
{
|
|
"source": "/(.*)",
|
|
"headers": [
|
|
{ "key": "X-Content-Type-Options", "value": "nosniff" },
|
|
{ "key": "X-Frame-Options", "value": "SAMEORIGIN" },
|
|
{ "key": "Strict-Transport-Security", "value": "max-age=63072000; includeSubDomains; preload" },
|
|
{ "key": "Referrer-Policy", "value": "strict-origin-when-cross-origin" },
|
|
{ "key": "Permissions-Policy", "value": "camera=(), microphone=(), geolocation=(), accelerometer=(), autoplay=(self \"https://www.youtube.com\" \"https://www.youtube-nocookie.com\"), bluetooth=(), display-capture=(), encrypted-media=(self \"https://www.youtube.com\" \"https://www.youtube-nocookie.com\"), gyroscope=(), hid=(), idle-detection=(), magnetometer=(), midi=(), payment=(), picture-in-picture=(self \"https://www.youtube.com\" \"https://www.youtube-nocookie.com\"), screen-wake-lock=(), serial=(), usb=(), xr-spatial-tracking=()" },
|
|
{ "key": "Content-Security-Policy", "value": "default-src 'self'; connect-src 'self' https: wss: blob: data:; img-src 'self' data: blob: https:; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'sha256-LnMFPWZxTgVOr2VYwIh9mhQ3l/l3+a3SfNOLERnuHfY=' 'sha256-+SFBjfmi2XfnyAT3POBxf6JIKYDcNXtllPclOcaNBI0=' 'sha256-AhZAmdCW6h8iXMyBcvIrqN71FGNk4lwLD+lPxx43hxg=' 'wasm-unsafe-eval' https://www.youtube.com https://static.cloudflareinsights.com https://vercel.live; worker-src 'self' blob:; font-src 'self' data: https:; media-src 'self' data: blob: https:; frame-src 'self' https://worldmonitor.app https://tech.worldmonitor.app https://happy.worldmonitor.app https://www.youtube.com https://www.youtube-nocookie.com; frame-ancestors 'self'; base-uri 'self'; object-src 'none'; form-action 'self'" }
|
|
]
|
|
},
|
|
{
|
|
"source": "/",
|
|
"headers": [
|
|
{ "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }
|
|
]
|
|
},
|
|
{
|
|
"source": "/index.html",
|
|
"headers": [
|
|
{ "key": "Cache-Control", "value": "no-cache, no-store, must-revalidate" }
|
|
]
|
|
},
|
|
{
|
|
"source": "/assets/(.*)",
|
|
"headers": [
|
|
{ "key": "Cache-Control", "value": "public, max-age=31536000, immutable" }
|
|
]
|
|
},
|
|
{
|
|
"source": "/favico/(.*)",
|
|
"headers": [
|
|
{ "key": "Cache-Control", "value": "public, max-age=604800" }
|
|
]
|
|
},
|
|
{
|
|
"source": "/offline.html",
|
|
"headers": [
|
|
{ "key": "Cache-Control", "value": "public, max-age=86400" }
|
|
]
|
|
},
|
|
{
|
|
"source": "/sw.js",
|
|
"headers": [
|
|
{ "key": "Cache-Control", "value": "public, max-age=0, must-revalidate" }
|
|
]
|
|
},
|
|
{
|
|
"source": "/manifest.webmanifest",
|
|
"headers": [
|
|
{ "key": "Cache-Control", "value": "public, max-age=86400" }
|
|
]
|
|
}
|
|
]
|
|
}
|