From 363c3b9141f9c9fa4fd2abb5345a20023872e6db Mon Sep 17 00:00:00 2001
From: rongquan1 <rongquan.low@gmail.com>
Date: Tue, 21 Oct 2025 15:04:49 +0800
Subject: [PATCH 1/2] fix: security settings

---
 netlify.toml | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

diff --git a/netlify.toml b/netlify.toml
index 8a05a46..334c798 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -5,4 +5,5 @@
 [[headers]]
   for = "/*"
   [headers.values]
-    Access-Control-Allow-Origin = "*"
\ No newline at end of file
+    X-Frame-Options = "DENY"
+    Content-Security-Policy = "frame-ancestors 'none';"
\ No newline at end of file

From 6f7869f4a3e21698784bdce9a8a9b7124431bed9 Mon Sep 17 00:00:00 2001
From: rongquan1 <rongquan.low@gmail.com>
Date: Tue, 21 Oct 2025 16:18:44 +0800
Subject: [PATCH 2/2] fix: add cors header to allow access from
 ref.tradetrust.io

---
 netlify.toml | 1 +
 1 file changed, 1 insertion(+)

diff --git a/netlify.toml b/netlify.toml
index 334c798..959f28f 100644
--- a/netlify.toml
+++ b/netlify.toml
@@ -5,5 +5,6 @@
 [[headers]]
   for = "/*"
   [headers.values]
+    Access-Control-Allow-Origin = "https://ref.tradetrust.io"
     X-Frame-Options = "DENY"
     Content-Security-Policy = "frame-ancestors 'none';"
\ No newline at end of file