Caddyfile: Setup CSP

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
2025-08-16 14:47:00 +05:30 · 2020-02-09 13:10:55 +05:30 · 2020-02-09 13:10:55 +05:30 · 0af27cdf57
commit 0af27cdf57
parent 137cf4cca5
1 changed files with 8 additions and 0 deletions
--- a/8
+++ b/8
@ -9,6 +9,14 @@
    header / {
        Content-Security-Policy "
            report-uri https://msfjarvis.report-uri.com/r/d/csp/reportOnly;
            default-src 'self';
            style-src 'self' 'unsafe-inline' fonts.googleapis.com commento.msfjarvis.dev;
            script-src 'self' 'unsafe-inline' commento.msfjarvis.dev;
            font-src 'self' fonts.gstatic.com commento.msfjarvis.dev;
            img-src data: 'self' imgur.com *.imgur.com;
            form-action 'self';
            connect-src 'self' msfjarvis.dev commento.msfjarvis.dev;
            frame-ancestors 'none';
        "
        # Security related changes stolen from https://github.com/searx/searx-docker/blob/master/Caddyfile
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"