Add a Caddyfile to test CSP compatibility

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2020-04-20 00:26:06 +05:30 · 2020-04-20 00:26:06 +05:30 · ebb73f9d79
parent 97f06d1085
commit ebb73f9d79
1 changed files with 48 additions and 0 deletions
--- a/48
+++ b/48
@ -0,0 +1,48 @@
+(compression_config) {
+  gzip
+}
+
+(base_config) {
+  header / {
+    Content-Security-Policy "
+      base-uri 'none';
+      connect-src 'self' commento.msfjarvis.dev;
+      default-src 'none';
+      frame-ancestors 'none';
+      form-action 'self';
+      font-src 'self' data: fonts.gstatic.com commento.msfjarvis.dev;
+      img-src data: 'self' gfycat.com imgur.com *.imgur.com commento.msfjarvis.dev;
+      object-src: 'none';
+      script-src 'self' commento.msfjarvis.dev;
+      style-src 'self' fonts.googleapis.com commento.msfjarvis.dev;
+    "
+    # Security related changes stolen from https://github.com/searx/searx-docker/blob/master/Caddyfile
+    Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
+    X-XSS-Protection "1; mode=block"
+    X-Content-Type-Options "nosniff"
+    X-Frame-Options "SAMEORIGIN"
+    Feature-Policy "accelerometer 'none';ambient-light-sensor 'none'; autoplay 'none';camera 'none';encrypted-media 'none'; geolocation 'none';gyroscope 'none';magnetometer 'none';microphone 'none';midi 'none';payment 'none';picture-in-picture 'none'; speaker 'none';sync-xhr 'none';usb 'none';vr 'none'"
+    Referrer-Policy "no-referrer"
+  }
+}
+
+(proxy_config) {
+  try_duration 5s
+  transparent
+}
+
+:2015 {
+  tls off
+  import base_config
+  import compression_config
+  proxy / http://localhost:1313 {
+    import proxy_config
+  }
+}
+
+:2016 {
+  tls off
+  import base_config
+  import compression_config
+  root public
+}