# Global caddy config options must be first { admin off auto_https off } # Bind to port 82 :82 # Serve static files file_server # Fallback to index.html for everything but assets @html { not path *.js *.css *.png *.svg *.ttf *.woff2 file index.html } handle_errors { header Cache-Control no-store } rewrite @html {http.matchers.file.relative} # Don't cache index.html and set CSP header @html Cache-Control no-store header @html Content-Security-Policy " default-src 'self'; connect-src {$DOMAIN:https://node.deso.org}/api/v0/get-users-stateless {$DOMAIN:https://node.deso.org}/api/v0/get-app-state {$DOMAIN:https://node.deso.org}/api/v0/get-referral-info-for-referral-hash {$DOMAIN:https://node.deso.org}/api/v0/get-user-derived-keys {$DOMAIN:https://node.deso.org}/api/v0/get-transaction-spending {$DOMAIN:https://node.deso.org}/api/v0/send-phone-number-verification-text {$DOMAIN:https://node.deso.org}/api/v0/submit-phone-number-verification-code img-src 'self' {$DOMAIN:https://node.deso.org}/api/v0/get-single-profile-picture/; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css; font-src 'self' https://fonts.googleapis.com https://fonts.gstatic.com https://ka-f.fontawesome.com;"