From 1ca25756122dc1a18c8178211f3a882c20e1fd74 Mon Sep 17 00:00:00 2001
From: salvacybersec <salva@opsecti.local>
Date: Tue, 11 Nov 2025 14:12:25 +0300
Subject: [PATCH] front

---
 backend/src/app.js | 21 +++++++++++++++++++++
 1 file changed, 21 insertions(+)

diff --git a/backend/src/app.js b/backend/src/app.js
index e247c68..276c5df 100644
--- a/backend/src/app.js
+++ b/backend/src/app.js
@@ -90,6 +90,27 @@ app.use(express.static(path.join(__dirname, 'public'), {
   }
 }));
 
+// Serve compiled frontend assets at /assets (Vite output)
+app.use('/assets', express.static(path.join(__dirname, 'public', 'dist', 'assets'), {
+  setHeaders: (res, filePath) => {
+    res.set('Access-Control-Allow-Origin', '*');
+    res.set('Access-Control-Allow-Methods', 'GET, OPTIONS');
+    res.set('Access-Control-Allow-Headers', 'Content-Type, Accept, Origin');
+    res.set('Access-Control-Allow-Credentials', 'true');
+    res.set('Content-Security-Policy',
+      "default-src 'self' data: blob:; script-src 'self' 'unsafe-inline' 'unsafe-eval' blob:; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:; connect-src 'self' http: https: ws: wss:; frame-ancestors 'self'; base-uri 'self';"
+    );
+
+    if (filePath.endsWith('.js') || filePath.endsWith('.mjs')) {
+      res.set('Content-Type', 'application/javascript; charset=utf-8');
+    } else if (filePath.endsWith('.css')) {
+      res.set('Content-Type', 'text/css; charset=utf-8');
+    } else if (filePath.endsWith('.svg')) {
+      res.set('Content-Type', 'image/svg+xml');
+    }
+  }
+}));
+
 // Serve landing page at /landing route
 app.get('/landing', (req, res) => {
   res.sendFile(path.join(__dirname, 'public', 'landing.html'));