From 7fa7b84d92aef8e81601305c0316ec36ecab1097 Mon Sep 17 00:00:00 2001
From: Harsh Shandilya <me@msfjarvis.dev>
Date: Mon, 13 Jul 2020 02:49:38 +0530
Subject: [PATCH] Caddyfile: set CSP for staging environment

Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
---
 Caddyfile | 13 +++++++++++++
 1 file changed, 13 insertions(+)

diff --git a/Caddyfile b/Caddyfile
index ba4b558..774c27a 100644
--- a/Caddyfile
+++ b/Caddyfile
@@ -98,4 +98,17 @@ https://staging.msfjarvis.dev {
   errors {
     404 404.html
   }
+  header / {
+    Content-Security-Policy "
+      base-uri 'self';
+      connect-src 'self' commento.msfjarvis.dev;
+      default-src 'self';
+      frame-ancestors 'none';
+      font-src 'self' data: commento.msfjarvis.dev stackpath.bootstrapcdn.com;
+      img-src 'self' data: gfycat.com imgur.com *.imgur.com commento.msfjarvis.dev *.amazonaws.com;
+      object-src 'none';
+      script-src 'self' commento.msfjarvis.dev unpkg.com;
+      style-src 'self' commento.msfjarvis.dev stackpath.bootstrapcdn.com;
+    "
+  }
 }