4feb9f9b7a
Added `X-Frame-Options`, `X-Content-Type-Options`, `Referrer-Policy`, and `Content-Security-Policy` to the Caddyfile to prevent common web vulnerabilities like XSS, MIME sniffing, and Clickjacking.
38 lines
829 B
Caddyfile
38 lines
829 B
Caddyfile
{
|
|
auto_https off
|
|
admin off
|
|
}
|
|
|
|
:80 {
|
|
encode zstd gzip
|
|
|
|
header {
|
|
X-Frame-Options "DENY"
|
|
X-Content-Type-Options "nosniff"
|
|
Referrer-Policy "strict-origin-when-cross-origin"
|
|
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline'; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob:; font-src 'self' data:;"
|
|
}
|
|
|
|
handle /mcp {
|
|
reverse_proxy 127.0.0.1:3001
|
|
}
|
|
|
|
@app path / /api/*
|
|
handle @app {
|
|
reverse_proxy 127.0.0.1:3000
|
|
}
|
|
|
|
handle {
|
|
root * /srv/public
|
|
|
|
@html path /index.html /d/* /p/*
|
|
header @html Cache-Control "no-cache"
|
|
|
|
@assets path_regexp assets \.(?:css|js|mjs|svg|png|jpg|jpeg|gif|webp|ico|woff2?|ttf|otf)$
|
|
header @assets Cache-Control "public, max-age=31536000, immutable"
|
|
|
|
try_files {path} /index.html
|
|
file_server
|
|
}
|
|
}
|