From 9f53a34cfb49969b0795fb68e706e8f1ea765d70 Mon Sep 17 00:00:00 2001
From: salvacybersec
Date: Tue, 11 Nov 2025 07:46:58 +0300
Subject: [PATCH] ulaan
---
 backend/src/app.js | 24 ++++++++++++++----------
 frontend/vite.config.js | 15 +++++++++++++--
 2 files changed, 27 insertions(+), 12 deletions(-)
diff --git a/backend/src/app.js b/backend/src/app.js
index 60355db..304708d 100644
--- a/backend/src/app.js
+++ b/backend/src/app.js
@@ -1,7 +1,7 @@
 require('dotenv').config({ path: require('path').join(__dirname, '../.env') });
 const express = require('express');
 const session = require('express-session');
-const helmet = require('helmet');
+// const helmet = require('helmet'); // Geçici olarak devre dışı
 const cors = require('cors');
 const logger = require('./config/logger');
 const sessionConfig = require('./config/session');
@@ -12,12 +12,8 @@ const { apiLimiter } = require('./middlewares/rateLimiter');
 const app = express();
 const PORT = process.env.PORT || 3000;
-// Security middleware - CSP'yi devre dışı bırak (CORS ve mixed content sorunları için)
-app.use(helmet({
- contentSecurityPolicy: false, // CSP'yi tamamen kapat
- crossOriginEmbedderPolicy: false,
- crossOriginResourcePolicy: { policy: "cross-origin" },
-}));
+// Security middleware - Helmet'i tamamen kaldır (CORS ve mixed content sorunları için)
+// app.use(helmet()); // Geçici olarak devre dışı
 // CORS - Her yerden erişime izin ver (tüm route'larda)
 app.use((req, res, next) => {
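Review bot: Commenting out `app.use(helmet())` in backend/src/app.js (together with the `require('helmet')` import in the first hunk) drops every response header Helmet was still setting, not just the ones related to the CORS and mixed-content problem the comment names; CSP, COEP and CORP were already relaxed in the removed call. The defaults that disappear include `X-Content-Type-Options: nosniff`, the framing and transport-security headers, and the suppression of Express's `X-Powered-By`. If a single header is the actual cause, keep `app.use(helmet({ contentSecurityPolicy: false, crossOriginEmbedderPolicy: false, crossOriginResourcePolicy: { policy: "cross-origin" } }));` and switch off only that one option. The comment calls the change temporary but carries no tracking reference; `// TODO(owner): re-enable helmet once <issue> is resolved` would make it actionable, and the commented-out code is better deleted than left in the file.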
@@ -49,11 +45,19 @@ app.use(express.urlencoded({ extended: true }));
 // Serve static files (landing page and frontend build)
 const path = require('path');
 app.use(express.static(path.join(__dirname, 'public'), {
- setHeaders: (res, path) => {
- // CORS headers for static files
+ setHeaders: (res, filePath) => {
+ // CORS headers for ALL static files (CSS, JS, images, etc.)
 res.set('Access-Control-Allow-Origin', '*');
 res.set('Access-Control-Allow-Methods', 'GET, OPTIONS');
- res.set('Access-Control-Allow-Headers', 'Content-Type');
+ res.set('Access-Control-Allow-Headers', 'Content-Type, Accept, Origin');
+ res.set('Access-Control-Allow-Credentials', 'true');
+
+ // Content-Type header'larını doğru ayarla
+ if (filePath.endsWith('.js')) {
+ res.set('Content-Type', 'application/javascript; charset=utf-8');
+ } else if (filePath.endsWith('.css')) {
+ res.set('Content-Type', 'text/css; charset=utf-8');
+ }
 }
 }));
diff --git a/frontend/vite.config.js b/frontend/vite.config.js
index 00ea372..6103760 100644
--- a/frontend/vite.config.js
+++ b/frontend/vite.config.js
@@ -4,6 +4,17 @@ import react from '@vitejs/plugin-react'
 // https://vite.dev/config/
 export default defineConfig({
 plugins: [react()],
- // Build output will be copied to backend in Dockerfile
- // For local development, keep default dist/ directory
+ base: '/', // Base path - root'tan servis edilecek
+ build: {
+ assetsDir: 'assets',
+ // Relative path'ler kullan (absolute değil)
+ rollupOptions: {
+ output: {
+ // Asset dosyaları için relative path
+ assetFileNames: 'assets/[name]-[hash][extname]',
+ chunkFileNames: 'assets/[name]-[hash].js',
+ entryFileNames: 'assets/[name]-[hash].js',
+ },
+ },
+ },
 })
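Review bot: In the static-file `setHeaders` callback of backend/src/app.js, `Access-Control-Allow-Credentials: true` is added next to `Access-Control-Allow-Origin: *`, a pairing browsers reject for credentialed requests, so the new header does nothing useful. Public static assets do not need cookies, so drop `res.set('Access-Control-Allow-Credentials', 'true');` rather than making the pair "work" later by echoing the request origin, which would open credentialed cross-origin reads to any site. The explicit Content-Type branches look redundant, since express.static normally derives the type from the file extension, and `endsWith('.js')` is case-sensitive; confirm they are needed. If they are kept, a comment such as `// override only because <reason>; express.static already sets Content-Type` would explain why.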
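Review bot: The comments added in frontend/vite.config.js say relative paths are used ("Relative path'ler kullan (absolute değil)"), but `base: '/'` makes the emitted asset URLs root-absolute, and the `assets/[name]-[hash]…` patterns only shape file names inside the output directory. Either correct the comment, e.g. `// base '/' => asset URLs are root-absolute (/assets/...)`, or set `base: './'` if relative URLs are really intended. The values shown appear to match Vite's defaults, so the whole block may be removable; check against the Vite version in use. The hunk also deletes the two comments explaining that the Dockerfile copies the build output, which are worth keeping if that is still how the build works.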