# Global options block. Caddy requires it to come before any site definition.
{
	# Turn off the admin API endpoint so the running configuration cannot be
	# read or changed through it.
	admin off

	# Turn off automatic HTTPS (certificate management and HTTP->HTTPS redirects).
	# NOTE(review): together with the :80 site address below, this instance
	# speaks plain HTTP only. Presumably TLS is terminated by a proxy or load
	# balancer in front of it -- confirm, since nothing here enforces it.
	auto_https off
}

# Site address: listen on port 80 for any hostname.
:80

# Static file server for the site's assets.
file_server

# Named matcher for "application routes": any request whose path does not end
# in one of the listed asset extensions, provided index.html exists.
@html {
	not path *.js *.css *.png *.jpg *.svg *.pdf *.eot *.ttf *.woff *.woff2 *.webmanifest
	file index.html
}

# Error responses must not be cached. Only Cache-Control is set here; the CSP
# further down is attached only to requests that match @html.
handle_errors {
	header Cache-Control no-store
}

# Single-page-app fallback: rewrite every @html request to the file the
# matcher found (index.html).
rewrite @html {http.matchers.file.relative}

# index.html must never be cached, so clients always pick up the current build.
header @html Cache-Control no-store

# Content-Security-Policy for the application shell.
#
# What the policy does as written:
#   - default-src 'self' is the fallback for fetch directives not listed.
#   - script-src has no 'unsafe-inline' or 'unsafe-eval'; scripts load only
#     from this origin and the listed Font Awesome locations.
#   - frame-ancestors 'self' stops other origins from framing the site.
#
# NOTE(review): points to confirm before relying on this policy in production:
#   - connect-src and frame-src both contain localhost:*, which lets the page
#     reach any port on the visitor's own machine. This looks like a
#     development convenience -- confirm it is needed in production.
#   - bitclout.com:* accepts any port on that host.
#   - Many hosts are listed without a scheme (node.deso.org, i.imgur.com, ...).
#     A scheme-less source is matched relative to the page's own scheme, so if
#     the page is ever served over plain HTTP these sources are accepted over
#     HTTP too. Consider prefixing them with https://.
#   - style-src allows 'unsafe-inline', so injected inline styles are not
#     blocked by this policy.
#   - Scripts from the listed third-party hosts run with full access to the
#     page; the policy trusts those hosts as much as this origin.
#   - base-uri and form-action are not set and do not fall back to
#     default-src; object-src falls back to 'self'. Consider adding explicit
#     base-uri, form-action and object-src directives after testing.
#   - img-src allows data: and the wildcards *.arweave.net and *.pearl.app.
#
# The value is kept on one line, exactly as it appears in this listing.
# NOTE(review): if it is split across lines inside the quotes, the line breaks
# become part of the header value -- verify it is still emitted as intended.
header @html Content-Security-Policy " default-src 'self'; connect-src 'self' node.deso.org amp.deso.org bithunt.deso.org bitclout.com:* api.bitclout.com bithunt.bitclout.com https://altumbase.com localhost:* explorer.bitclout.com https://api.blockchain.com/ticker https://api.blockchain.com/mempool/fees https://ka-f.fontawesome.com/ bitcoinfees.earn.com api.blockcypher.com amp.bitclout.com api.testwyre.com api.sendwyre.com https://videodelivery.net https://upload.videodelivery.net; script-src 'self' https://kit.fontawesome.com/070ca4195b.js https://ka-f.fontawesome.com/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css; img-src 'self' data: i.imgur.com images.deso.org images.bitclout.com quickchart.io arweave.net *.arweave.net *.pearl.app cloudflare-ipfs.com; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://ka-f.fontawesome.com; frame-src 'self' localhost:* identity.deso.org identity.deso.blue identity.deso.green identity.bitclout.com identity.bitclout.blue identity.bitclout.green https://geo.captcha-delivery.com https://www.youtube.com https://youtube.com https://player.vimeo.com https://www.tiktok.com https://giphy.com https://open.spotify.com https://w.soundcloud.com https://player.twitch.tv https://clips.twitch.tv pay.testwyre.com pay.sendwyre.com https://iframe.videodelivery.net; frame-ancestors 'self';"