supersam/Caddyfile

:80

root * /usr/share/caddy

@static path /assets/* /icons/* /manifest.webmanifest /service-worker.js
handle @static {
    file_server
}

handle {
    try_files {path} /index.html
    file_server
}

header {
    Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data: https://supa.supersamsev.ru; font-src 'self'; connect-src 'self' https://supa.supersamsev.ru wss://supa.supersamsev.ru https://fcm.googleapis.com; frame-ancestors 'none'; form-action 'self'; base-uri 'self'"
    X-Content-Type-Options "nosniff"
    X-Frame-Options "DENY"
    Referrer-Policy "strict-origin-when-cross-origin"
    X-XSS-Protection "0"
    Cross-Origin-Opener-Policy "same-origin"
    Service-Worker-Allowed "/"
}