diff --git a/app/helpers.php b/app/helpers.php
index c9c722c..85d070b 100644
--- a/app/helpers.php
+++ b/app/helpers.php
@@ -80,9 +80,9 @@ function buildListItems(string $dir, Context $ctx, ?array $parentMetadata): arra
 
     $sortOrder = strtolower($parentMetadata['order'] ?? 'descending');
     if ($sortOrder === 'ascending') {
-        usort($items, fn($a, $b) => strcmp($a['date'] ?? '', $b['date'] ?? ''));
+        usort($items, fn($a, $b) => strcmp($a['rawDate'] ?? '', $b['rawDate'] ?? ''));
     } else {
-        usort($items, fn($a, $b) => strcmp($b['date'] ?? '', $a['date'] ?? ''));
+        usort($items, fn($a, $b) => strcmp($b['rawDate'] ?? '', $a['rawDate'] ?? ''));
     }
 
     return $items;
diff --git a/app/router.php b/app/router.php
index e3b4b77..6f4d3a3 100644
--- a/app/router.php
+++ b/app/router.php
@@ -17,10 +17,30 @@ $ctx = createContext();
 $GLOBALS['ctx'] = $ctx;
 
 // Check for assets in /custom/assets/ served at root level
-$assetPath = dirname(__DIR__) . '/custom/assets/' . $ctx->requestPath;
-if (file_exists($assetPath) && is_file($assetPath)) {
-    header('Content-Type: ' . (mime_content_type($assetPath) ?: 'application/octet-stream'));
-    readfile($assetPath);
+$assetsDir = realpath(dirname(__DIR__) . '/custom/assets');
+$realAsset = realpath($assetsDir . '/' . $ctx->requestPath);
+if ($realAsset && strncmp($realAsset, $assetsDir . '/', strlen($assetsDir) + 1) === 0 && is_file($realAsset)) {
+    $assetMimeTypes = [
+        'css'     => 'text/css',
+        'js'      => 'application/javascript',
+        'json'    => 'application/json',
+        'geojson' => 'application/json',
+        'svg'     => 'image/svg+xml',
+        'woff'    => 'font/woff',
+        'woff2'   => 'font/woff2',
+        'ttf'     => 'font/ttf',
+        'otf'     => 'font/otf',
+        'png'     => 'image/png',
+        'jpg'     => 'image/jpeg',
+        'jpeg'    => 'image/jpeg',
+        'webp'    => 'image/webp',
+    ];
+    $assetExt = strtolower(pathinfo($realAsset, PATHINFO_EXTENSION));
+    $mime = $assetMimeTypes[$assetExt] ?? 'application/octet-stream';
+    $cacheSeconds = in_array($assetExt, ['json', 'geojson']) ? 60 : 31536000;
+    header('Content-Type: ' . $mime);
+    header('Cache-Control: public, max-age=' . $cacheSeconds);
+    readfile($realAsset);
     exit;
 }