msfjarvis/server-config
1
Fork 0
mirror of https://github.com/msfjarvis/server-config synced 2025-08-14 01:17:02 +05:30
Code Issues Projects Releases Packages Wiki Activity Actions

Caddyfile: strengthen CSP

Browse source 
Signed-off-by: Harsh Shandilya <me@msfjarvis.dev>
This commit is contained in:
Harsh Shandilya 2020-04-20 00:42:01 +05:30
parent 9ac7751a5d
commit e22853b02c
No known key found for this signature in database
GPG key ID: 366D7BBAD1031E80
1 changed files with 8 additions and 6 deletions
Download patch file Download diff file Expand all files Collapse all files

14
Caddyfile
View file

@ -10,14 +10,16 @@
}
header / {
Content-Security-Policy "
default-src 'self';
style-src 'self' 'unsafe-inline' fonts.googleapis.com commento.msfjarvis.dev;
script-src 'self' 'unsafe-eval' 'unsafe-inline' commento.msfjarvis.dev;
base-uri 'none';
connect-src 'self' commento.msfjarvis.dev;
default-src 'none';
frame-ancestors 'none';
form-action 'self';
font-src 'self' data: fonts.gstatic.com commento.msfjarvis.dev;
img-src data: 'self' gfycat.com imgur.com *.imgur.com commento.msfjarvis.dev;
form-action 'self';
connect-src 'self' msfjarvis.dev commento.msfjarvis.dev;
frame-ancestors 'none';
object-src 'none';
script-src 'self' commento.msfjarvis.dev;
style-src 'self' fonts.googleapis.com commento.msfjarvis.dev;
"
# Security related changes stolen from https://github.com/searx/searx-docker/blob/master/Caddyfile
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"