fix(server): add CSP/security headers middleware, gitignore jks.bak*

Content-Security-Policy, X-Content-Type-Options, and X-Frame-Options are now injected by a single Axum middleware on the web router subtree, so all HTML pages get consistent headers without touching each file. Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
2026-05-13 19:41:50 -07:00
parent 38eefb22e8
commit d60dc18add
2 changed files with 34 additions and 2 deletions
@@ -14,4 +14,5 @@ data/
 # Android signing keystores — never commit
 *.jks
 *.jks.bak
+*.jks.bak*
 *.keystore