forgejo-lila/lila - Forgejo: Beyond coding. We Forge.

forgejo-lila/lila

Fork 0

Commit graph

Author	SHA1	Message	Date
lila	76192667e0	feat(caddy): add security headers for frontend Adds HSTS, CSP, X-Frame-Options, X-Content-Type-Options, and Referrer-Policy to lilastudy.com responses. CSP allows connect-src to api.lilastudy.com over HTTPS and wss:// for WebSocket multiplayer. Tailwind's inline styles require style-src 'unsafe-inline'.	2026-04-23 21:45:35 +02:00
lila	bc38137a12	feat: add production deployment config - Add docker-compose.prod.yml and Caddyfile for Caddy reverse proxy - Add production stages to frontend Dockerfile (nginx for static files) - Fix monorepo package exports for production builds (dist/src paths) - Add CORS_ORIGIN env var for cross-origin config - Add Better Auth baseURL, cookie domain, and trusted origins from env - Use VITE_API_URL for API calls in auth-client and play route - Add credentials: include for cross-origin fetch requests - Remove unused users table from schema	2026-04-14 11:38:40 +02:00

Author

SHA1

Message

Date

lila

76192667e0

feat(caddy): add security headers for frontend

Adds HSTS, CSP, X-Frame-Options, X-Content-Type-Options,
and Referrer-Policy to lilastudy.com responses.

CSP allows connect-src to api.lilastudy.com over HTTPS and
wss:// for WebSocket multiplayer. Tailwind's inline styles
require style-src 'unsafe-inline'.

2026-04-23 21:45:35 +02:00

lila

bc38137a12

feat: add production deployment config

- Add docker-compose.prod.yml and Caddyfile for Caddy reverse proxy
- Add production stages to frontend Dockerfile (nginx for static files)
- Fix monorepo package exports for production builds (dist/src paths)
- Add CORS_ORIGIN env var for cross-origin config
- Add Better Auth baseURL, cookie domain, and trusted origins from env
- Use VITE_API_URL for API calls in auth-client and play route
- Add credentials: include for cross-origin fetch requests
- Remove unused users table from schema

2026-04-14 11:38:40 +02:00

2 commits