Merge pull request #58 from jinseok1006/main

cloudflare 헤더 추가

Author: jinseok1006

public/_headers

@@ -0,0 +1,26 @@
+# _headers 파일 내용
+
+/*
+  X-Content-Type-Options: nosniff
+  X-Frame-Options: SAMEORIGIN
+  Content-Security-Policy: default-src 'self'; script-src 'self' 'unsafe-inline' 'unsafe-eval' https:; style-src 'self' 'unsafe-inline' https:; img-src 'self' data: https:; font-src 'self' data: https:; connect-src 'self' https:; frame-ancestors 'self'
+  Referrer-Policy: strict-origin-when-cross-origin
+
+# CORS 정책 수정 - 모든 JSON 파일
+/page-data/*
+  Access-Control-Allow-Origin: https://jhelper.jbnu.ac.kr
+
+/app-data.json  
+  Access-Control-Allow-Origin: https://jhelper.jbnu.ac.kr
+
+/manifest.webmanifest
+  Access-Control-Allow-Origin: https://jhelper.jbnu.ac.kr
+
+# 캐시 제어 - 민감한 파일들
+/page-data/*
+  Cache-Control: private, no-cache, no-store, must-revalidate
+  Pragma: no-cache
+
+/*.json
+  Cache-Control: private, no-cache, no-store, must-revalidate
+  Pragma: no-cache

static/_headers

@@ -0,0 +1,15 @@
+# 모든 리소스에 최고 수준 보안 적용
+/*
+  ! Access-Control-Allow-Origin
+  ! Server
+  X-Content-Type-Options: nosniff
+  X-Frame-Options: DENY
+  Referrer-Policy: no-referrer
+  Content-Security-Policy: default-src 'none'; script-src 'self' 'unsafe-inline' 'unsafe-eval'; style-src 'self' 'unsafe-inline' https://cdn.jsdelivr.net https://fonts.googleapis.com; img-src 'self' data:; font-src 'self' https://cdn.jsdelivr.net https://fonts.gstatic.com; connect-src 'self'; manifest-src 'self'; frame-ancestors 'none'; object-src 'none'; base-uri 'none'; form-action 'none'
+  Permissions-Policy: geolocation=(), microphone=(), camera=(), payment=(), usb=(), magnetometer=(), gyroscope=(), fullscreen=(), sync-xhr=()
+  Cross-Origin-Embedder-Policy: require-corp
+  Cross-Origin-Opener-Policy: same-origin
+  Cross-Origin-Resource-Policy: same-origin
+  Cache-Control: private, no-cache, no-store, must-revalidate, max-age=0
+  Pragma: no-cache
+  X-Robots-Tag: noindex, nofollow, nosnippet, noarchive