ecommerce-platform/Caddyfile at 5654964d092f8166eff2d2643f193eea04a0cbe5 - ecommerce-platform - Gitea: Git with a cup of tea

davide/ecommerce-platform

Files

T

davide 0395a78008 fix(security): add HTTP security headers (CSP, HSTS, X-Frame-Options)

- middleware.ts: set X-Frame-Options, X-Content-Type-Options,
  Referrer-Policy, Permissions-Policy, Content-Security-Policy on all responses
- Caddyfile: add Strict-Transport-Security (HSTS 1y), X-Frame-Options,
  X-Content-Type-Options at reverse proxy level

2026-05-19 10:10:08 +02:00

13 lines

274 B

Caddyfile

Raw Blame History

 localhost {
     header {
         Strict-Transport-Security "max-age=31536000; includeSubDomains"
         X-Frame-Options "DENY"
         X-Content-Type-Options "nosniff"
     }
     handle /uploads/* {
         root * /srv
         file_server
     }
     reverse_proxy app:3000
 }