Files
excalidraw-box/Caddyfile
ruinivist 10ee988ce2 feat: add http security headers to caddy config
Adds X-Frame-Options, X-Content-Type-Options, and Referrer-Policy
headers to all responses served by Caddy to mitigate clickjacking and
MIME-type sniffing.
2026-06-05 08:20:05 +00:00

37 lines
659 B
Caddyfile

{
auto_https off
admin off
}
:80 {
encode zstd gzip
header {
X-Frame-Options "DENY"
X-Content-Type-Options "nosniff"
Referrer-Policy "strict-origin-when-cross-origin"
}
handle /mcp {
reverse_proxy 127.0.0.1:3001
}
@app path / /api/*
handle @app {
reverse_proxy 127.0.0.1:3000
}
handle {
root * /srv/public
@html path /index.html /d/* /p/*
header @html Cache-Control "no-cache"
@assets path_regexp assets \.(?:css|js|mjs|svg|png|jpg|jpeg|gif|webp|ico|woff2?|ttf|otf)$
header @assets Cache-Control "public, max-age=31536000, immutable"
try_files {path} /index.html
file_server
}
}