fix: resolve CSP and service worker asset errors

Allow posimai-ui base script under CSP, permit unpkg source map fetches, and make SW precache resilient while adding the missing logo asset to prevent install/runtime errors.

Made-with: Cursor

sw.js

@@ -4,7 +4,11 @@ const STATIC = ['/', '/index.html', '/manifest.json', '/logo.png'];
 
 self.addEventListener('install', e => {
     e.waitUntil(
-        caches.open(CACHE).then(c => c.addAll(STATIC))
+        caches.open(CACHE).then(async c => {
+            await Promise.allSettled(
+                STATIC.map(path => c.add(path))
+            );
+        })
     );
     self.skipWaiting();
 });

vercel.json

@@ -30,7 +30,7 @@
         },
         {
           "key": "Content-Security-Policy",
-          "value": "default-src 'self'; script-src 'self' 'unsafe-inline' https://unpkg.com https://cdn.jsdelivr.net https://esm.sh; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://posimai-ui.vercel.app; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https:; media-src 'self' https:; connect-src 'self' https://api.soar-enrich.com wss://api.soar-enrich.com; worker-src 'self'; frame-ancestors 'none';"
+          "value": "default-src 'self'; script-src 'self' 'unsafe-inline' https://unpkg.com https://cdn.jsdelivr.net https://esm.sh https://posimai-ui.vercel.app; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://fonts.gstatic.com https://posimai-ui.vercel.app; font-src 'self' data: https://fonts.gstatic.com; img-src 'self' data: https:; media-src 'self' https:; connect-src 'self' https://api.soar-enrich.com wss://api.soar-enrich.com https://unpkg.com; worker-src 'self'; frame-ancestors 'none';"
         },
         {
           "key": "Strict-Transport-Security",