e11sync


commit c768ef7a44d45bcd21c5dea17b0067a393920a9f (tree)
parent 4891305c29074636b308b1da484d2982faa64f64
Author: Motiejus Jakštys <motiejus@jakstys.lt>
Date:   Sun, 28 Jan 2024 23:18:30 +0200

CSP

Diffstat:
Mpkgs/e11sync-caddyfile.nix | 19++++++++++---------
1 file changed, 10 insertions(+), 9 deletions(-)

diff --git a/pkgs/e11sync-caddyfile.nix b/pkgs/e11sync-caddyfile.nix @@ -7,23 +7,24 @@ writeTextFile { name = "e11sync-caddyfile"; text = '' @addSlash path /static /blog /contact - route @addSlash { redir {uri}/ 302 } header /static/* Cache-Control "public, max-age=31536000, immutable" + header { + Content-Security-Policy "default-src 'none'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; script-src 'self'; frame-ancestors 'none'" + Cross-Origin-Opener-Policy same-origin + Referrer-Policy same-origin + X-Content-Type-Options nosniff + + -X-Frame-Options + -Last-Modified + } + @staticRoutes path /static/* /contact/* /blog/* route @staticRoutes { - header { - Cross-Origin-Opener-Policy same-origin - Referrer-Policy same-origin - X-Content-Type-Options nosniff - X-Frame-Options DENY - - -Last-Modified - } file_server * { root ${e11sync-static} precompressed br gzip
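Review bot: The Content-Security-Policy value in the added `header { … }` block sets neither `base-uri` nor `form-action`, and neither directive falls back to `default-src 'none'`, so an injected `<base>` tag or a form posting to another origin is not restricted by this policy. Ending the value with `frame-ancestors 'none'; base-uri 'none'; form-action 'self'"` closes that gap (use `form-action 'none'` if /contact has no form, which this hunk does not show). `style-src 'self' 'unsafe-inline'` still allows injected inline styles, so dropping `'unsafe-inline'` is worth doing if the pages carry no inline CSS. The block now strips `X-Frame-Options` where the old one sent `DENY`, leaving framing protection to `frame-ancestors 'none'` alone; a Caddyfile comment such as `# frame-ancestors 'none' replaces X-Frame-Options DENY` would record that this is deliberate. The Caddyfile text continues past the end of the hunk, so directives outside it are not reviewed here.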