0fb507f247
Updated the Content-Security-Policy header to include Google Fonts and Google Analytics domains: - Added `https://www.gstatic.com` to `script-src`, `script-src-elem`, `img-src`, and `font-src` directives - Removed duplicate `script-src` and `style-src` entries in the policy - Ensured all relevant directives properly include the new domains
37 lines
1.5 KiB
Caddyfile
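# Static site plus API proxy. Listens on $PORT, falling back to 5000.
:{$PORT:5000} {
	root * /usr/share/caddy

	header {
		# The whole policy must be ONE double-quoted value. The previous line had
		# a second, unquoted copy of the older policy left over after the closing
		# quote; those extra tokens are not part of the header value and are
		# expected to be rejected or misread by Caddy, so they are removed here.
		#
		# NOTE(review): 'unsafe-inline' in script-src / script-src-elem allows any
		# inline <script>, so this policy does little against injected inline
		# script. Prefer nonces or hashes if the app can run without it.
		# NOTE(review): connect-src allows every https:, http:, ws: and wss: origin,
		# including cleartext ones. Narrow it to the origins the app really calls.
		# NOTE(review): https://www.gstatic.com is the only third-party origin
		# allow-listed; anything else the page loads will be blocked. Confirm the
		# list against what the app actually requests.
		Content-Security-Policy "default-src 'self'; base-uri 'self'; object-src 'none'; frame-ancestors 'self'; script-src 'self' 'unsafe-inline' https://www.gstatic.com; script-src-elem 'self' 'unsafe-inline' https://www.gstatic.com; style-src 'self' 'unsafe-inline'; img-src 'self' data: blob: https://www.gstatic.com; font-src 'self' data: https://www.gstatic.com; connect-src 'self' https: http: ws: wss:; worker-src 'self' blob:;"
	}

	# Script, WebAssembly and font files: cache for one day.
	@staticAssets {
		path *.js *.wasm *.woff *.woff2 *.ttf *.otf
	}
	header @staticAssets Cache-Control "public, max-age=86400"

	# Files whose name carries a hex hash of 8+ characters: cache for one year.
	# NOTE(review): such a file can also match @staticAssets above; this rule is
	# presumably meant to win because it comes later - verify on a real response.
	@hashedAssets {
		path_regexp hashedAssets .*[._-][0-9a-fA-F]{8,}\.(js|css|wasm|woff2?|ttf|otf)$
	}
	header @hashedAssets Cache-Control "public, max-age=31536000, immutable"

	# Service worker and version manifest must be revalidated on every load so
	# that a new deployment is picked up.
	# NOTE(review): /flutter_service_worker.js also matches *.js in @staticAssets;
	# check that the response really carries no-cache.
	@serviceWorker path /flutter_service_worker.js /version.json
	header @serviceWorker Cache-Control "no-cache, must-revalidate"

	# Entry document: short cache lifetime with revalidation.
	@index path / /index.html
	header @index Cache-Control "public, max-age=300, must-revalidate"

	# Proxy API calls to backend service on the internal Docker network.
	# The upstream address has no scheme, so this hop is plain HTTP.
	handle /api/* {
		reverse_proxy recipe-api:8080
	}

	# SPA routing - always return index.html for unknown paths.
	handle {
		try_files {path} /index.html
		file_server
	}

	encode gzip
}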