ea8318bc10
R2 Workers binding strips Content-Encoding: gzip from served objects even when stored with that metadata — the Pages Function now re-applies it for .gz keys so browsers decompress the body before parsing as JSON. Change X-Frame-Options from DENY to SAMEORIGIN so the home page can embed /embed.html in its featured-replay iframe (same origin is fine here). Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
18 lines
426 B
Text
18 lines
426 B
Text
# Cache control for static assets
|
|
# HTML files - no cache (always fresh)
|
|
/*.html
|
|
Cache-Control: no-cache
|
|
|
|
# JS assets - immutable (hashed filenames)
|
|
/assets/*
|
|
Cache-Control: public, max-age=31536000, immutable
|
|
|
|
# Data files - short cache (updated by index builder)
|
|
/data/*
|
|
Cache-Control: public, max-age=300
|
|
|
|
# Default
|
|
/*
|
|
X-Content-Type-Options: nosniff
|
|
X-Frame-Options: SAMEORIGIN
|
|
X-XSS-Protection: 1; mode=block
|