From 4feb9f9b7a11fdc9f6cbfdcdbf3c4a3f55b15c2d Mon Sep 17 00:00:00 2001 From: ruinivist <179396038+ruinivist@users.noreply.github.com> Date: Tue, 2 Jun 2026 08:14:48 +0000 Subject: [PATCH] feat: add security headers to caddyfile Added `X-Frame-Options`, `X-Content-Type-Options`, `Referrer-Policy`, and `Content-Security-Policy` to the Caddyfile to prevent common web vulnerabilities like XSS, MIME sniffing, and Clickjacking. --- Caddyfile | 7 +++++++ 1 file changed, 7 insertions(+) diff --git a/Caddyfile b/Caddyfile index 5cd8f6d..b0df1eb 100644 --- a/Caddyfile +++ b/Caddyfile @@ -6,6 +6,13 @@ :80 { encode zstd gzip + header { + X-Frame-Options "DENY" + X-Content-Type-Options "nosniff" + Referrer-Policy "strict-origin-when-cross-origin" + Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:;" + } + handle /mcp { reverse_proxy 127.0.0.1:3001 }