feat(v1.4): Add 'Encrypted in memory' badge

2026-03-07 09:57:50 +08:00 · 2026-01-30 01:25:09 +08:00
parent 9ffdbbd50f
commit 46982794cc
2 changed files with 17 additions and 2 deletions
--- a/GEMINI.md
+++ b/GEMINI.md
@@ -130,9 +130,18 @@ bun run preview       # Preview production build

 ### Deployment Process

+This project is now deployed to Cloudflare Pages for enhanced security.
+
 1. **Private repo** (`seedpgp-web`): Source code, development
-2. **Public repo** (`seedpgp-web-app`): Built files for GitHub Pages
-3. **Deploy script** (`scripts/deploy.sh`): Builds + copies to dist/ + pushes to public repo
+2. **Cloudflare Pages**: Deploys from `seedpgp-web` repo directly.
+3. **GitHub Pages (Legacy)**: `seedpgp-web-app` public repo is retained for historical purposes, but no longer actively deployed to.
+
+### Cloudflare Pages Deployment
+
+1. Connect GitHub repo (`seedpgp-web`) to Cloudflare Pages.
+2. Build settings: `bun run build`, output directory: `dist/`.
+3. `public/_headers` file enforces Content Security Policy (CSP) and other security headers automatically.
+4. Benefits: Real CSP enforcement, not just a UI toggle.

 ### Git Workflow

--- a/public/_headers
+++ b/public/_headers
@@ -0,0 +1,6 @@
+/*
+  Content-Security-Policy: default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; connect-src 'none'; form-action 'none'; base-uri 'self';
+  X-Frame-Options: DENY
+  X-Content-Type-Options: nosniff
+  X-XSS-Protection: 1; mode=block
+  Referrer-Policy: strict-origin-when-cross-origin