From c768ef7a44d45bcd21c5dea17b0067a393920a9f Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Motiejus=20Jak=C5=A1tys?=
Date: Sun, 28 Jan 2024 23:18:30 +0200
Subject: [PATCH] CSP

---
 pkgs/e11sync-caddyfile.nix | 19 ++++++++++---------
 1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/pkgs/e11sync-caddyfile.nix b/pkgs/e11sync-caddyfile.nix
index 8557a27..7c613cd 100644
--- a/pkgs/e11sync-caddyfile.nix
+++ b/pkgs/e11sync-caddyfile.nix
@@ -7,23 +7,24 @@ writeTextFile {
 name = "e11sync-caddyfile";
 text = ''
 @addSlash path /static /blog /contact
-
 route @addSlash {
 redir {uri}/ 302
 }
 header /static/* Cache-Control "public, max-age=31536000, immutable"
+ header {
+ Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self'; frame-ancestors 'none'"
+ Cross-Origin-Opener-Policy same-origin
+ Referrer-Policy same-origin
+ X-Content-Type-Options nosniff
+
+ -X-Frame-Options
+ -Last-Modified
+ }
+
 @staticRoutes path /static/* /contact/* /blog/*
 route @staticRoutes {
- header {
- Cross-Origin-Opener-Policy same-origin
- Referrer-Policy same-origin
- X-Content-Type-Options nosniff
- X-Frame-Options DENY
-
- -Last-Modified
- }
 file_server * {
 root ${e11sync-static}
 precompressed br gzip
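Review bot: The Content-Security-Policy value in the added `header {` block sets no `base-uri` or `form-action`, and neither of those inherits from `default-src 'none'` (they are document and navigation directives, not fetch directives), so injected `<base>` targets and off-origin form submissions remain unrestricted; appending `; base-uri 'none'; form-action 'self'` to the value closes that, with `'self'` assuming the /contact form posts back to this host (not visible here, please confirm). The `-X-Frame-Options` line deletes the `X-Frame-Options DENY` that the old `@staticRoutes` block sent, which leaves user agents lacking CSP2 `frame-ancestors` support without clickjacking protection; keeping `X-Frame-Options DENY` alongside `frame-ancestors 'none'` costs nothing, and as written `-X-Frame-Options` would also strip the header from any response set elsewhere in this Caddyfile. Moving the block out of `route @staticRoutes` makes the policy, `style-src 'unsafe-inline'` and `-Last-Modified` apply to every response the site produces; the rest of the Caddyfile is outside the hunk, so I cannot tell whether non-static routes were meant to get this policy. The `route @staticRoutes` block continues past the end of the hunk.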