From 7d05cabf3e4120cb3bd02543ea6bd902ad7d6f39 Mon Sep 17 00:00:00 2001
From: Harsh Shandilya
Date: Wed, 22 Jul 2020 09:26:53 +0530
Subject: [PATCH] Caddyfile: commonize CSP

Signed-off-by: Harsh Shandilya
---
 Caddyfile | 55 ++++++++++++++++++++++---------------------------------
 1 file changed, 22 insertions(+), 33 deletions(-)

diff --git a/Caddyfile b/Caddyfile
index 5b6aa42..5e888a4 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -23,6 +23,26 @@
 transparent
 }
 
+(csp_config) {
+ header / {
+ Content-Security-Policy "
+ base-uri 'self';
+ connect-src 'self' commento.msfjarvis.dev;
+ default-src 'self';
+ frame-ancestors 'none';
+ frame-src github.com;
+ font-src 'self' data: commento.msfjarvis.dev;
+ img-src 'self' data: gfycat.com imgur.com *.imgur.com commento.msfjarvis.dev;
+ object-src 'none';
+ script-src 'self' commento.msfjarvis.dev platform.twitter.com unpkg.com;
+ style-src 'self' commento.msfjarvis.dev 'unsafe-inline';
+ "
+ }
+ errors {
+ 404 404.html
+ }
+}
+
 https://www.msfjarvis.dev {
 import base_config
 redir https://msfjarvis.dev{uri} 301
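Review bot: In the new `csp_config` snippet, `script-src` allowlists the whole `unpkg.com` host, which serves every package published to npm, so the allowlist constrains very little if markup injection is ever possible on a site importing it. Source expressions accept a path, so the entry could be narrowed to what is actually loaded, e.g. `script-src 'self' commento.msfjarvis.dev platform.twitter.com unpkg.com/<package>@<version>/;` (placeholder: the package in use is not visible in this patch). The policy also sets no `form-action`, which does not fall back to `default-src`; adding `form-action 'self';` would cover it. Separately, the snippet also carries the `errors { 404 404.html }` block, so the name `csp_config` undersells what an `import` of it does; a more general name or a second snippet would read better.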
@@ -31,30 +51,14 @@ https://www.msfjarvis.dev {
 https://msfjarvis.dev {
 import base_config
 import compression_config
+ import csp_config
 root /var/www/msfjarvis.dev/
 log / /etc/logs/requests.log
- errors {
- 404 404.html
- }
 redir 301 {
 /caesium-stable https://dl.msfjarvis.dev/caesium/wahoo/stable/updater.json
 /caesium-beta https://dl.msfjarvis.dev/caesium/wahoo/beta/updater.json
 /caesium-alpha https://dl.msfjarvis.dev/caesium/wahoo/alpha/updater.json
 }
- header / {
- Content-Security-Policy "
- base-uri 'self';
- connect-src 'self' commento.msfjarvis.dev;
- default-src 'self';
- frame-ancestors 'none';
- frame-src github.com;
- font-src 'self' data: commento.msfjarvis.dev;
- img-src 'self' data: gfycat.com imgur.com *.imgur.com commento.msfjarvis.dev;
- object-src 'none';
- script-src 'self' commento.msfjarvis.dev platform.twitter.com unpkg.com;
- style-src 'self' commento.msfjarvis.dev 'unsafe-inline';
- "
- }
 }
 
 https://bin.msfjarvis.dev {
@@ -94,21 +98,6 @@ https://rss.msfjarvis.dev {
 https://staging.msfjarvis.dev {
 import base_config
 import compression_config
+ import csp_config
 root /var/www/staging.msfjarvis.dev/
- errors {
- 404 404.html
- }
- header / {
- Content-Security-Policy "
- base-uri 'self';
- connect-src 'self' commento.msfjarvis.dev;
- default-src 'self';
- frame-ancestors 'none';
- font-src 'self' data: commento.msfjarvis.dev stackpath.bootstrapcdn.com;
- img-src 'self' data: gfycat.com imgur.com *.imgur.com commento.msfjarvis.dev *.amazonaws.com;
- object-src 'none';
- script-src 'self' commento.msfjarvis.dev unpkg.com;
- style-src 'self' commento.msfjarvis.dev stackpath.bootstrapcdn.com;
- "
- }
 }
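Review bot: In the `https://staging.msfjarvis.dev` hunk, importing `csp_config` changes the staging policy rather than only deduplicating it. The removed block allowed `stackpath.bootstrapcdn.com` in `font-src` and `style-src` and `*.amazonaws.com` in `img-src`, none of which the shared snippet contains, so any staging page that still loads those assets will have them blocked. In the other direction, staging now gains `'unsafe-inline'` in `style-src`, `platform.twitter.com` in `script-src` and `frame-src github.com`, which the old staging block did not have. The commit message does not say whether this is intended; stating it there, or first serving the shared policy on staging as `Content-Security-Policy-Report-Only`, would make the change safe to verify.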