# Global caddy config options must be first
{
admin off
auto_https off
}
# Bind to port 80
:80
# Serve static files
file_server
# Fallback to index.html for everything but assets
@html {
not path *.js *.css *.png *.jpg *.svg *.pdf *.eot *.ttf *.woff *.woff2 *.webmanifest
file index.html
}
handle_errors {
header Cache-Control no-store
}
rewrite @html {http.matchers.file.relative}
# Don't cache index.html and set CSP
header @html Cache-Control no-store
header @html Content-Security-Policy "
default-src 'self';
connect-src 'self'
node.deso.org
amp.deso.org
bithunt.deso.org
bitclout.com:*
api.bitclout.com
bithunt.bitclout.com
https://altumbase.com
localhost:*
explorer.bitclout.com
https://api.blockchain.com/ticker
https://api.blockchain.com/mempool/fees
https://ka-f.fontawesome.com/
bitcoinfees.earn.com
api.blockcypher.com
amp.bitclout.com
api.testwyre.com
api.sendwyre.com
https://videodelivery.net
https://upload.videodelivery.net;
script-src 'self'
https://kit.fontawesome.com/070ca4195b.js
https://ka-f.fontawesome.com/;
style-src 'self'
'unsafe-inline'
https://fonts.googleapis.com
https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css;
img-src 'self'
data:
i.imgur.com
images.deso.org
images.bitclout.com
quickchart.io
arweave.net
*.arweave.net
*.pearl.app
cloudflare-ipfs.com;
font-src 'self'
https://fonts.googleapis.com
https://fonts.gstatic.com
https://ka-f.fontawesome.com;
frame-src 'self'
localhost:*
identity.deso.org
identity.deso.blue
identity.deso.green
identity.bitclout.com
identity.bitclout.blue
identity.bitclout.green
https://geo.captcha-delivery.com
https://www.youtube.com
https://youtube.com
https://player.vimeo.com
https://www.tiktok.com
https://giphy.com
https://open.spotify.com
https://w.soundcloud.com
https://player.twitch.tv
https://clips.twitch.tv
pay.testwyre.com
pay.sendwyre.com
https://iframe.videodelivery.net;
frame-ancestors 'self';"