# Global caddy config options must be first
{
  admin off
  auto_https off
}

# Bind to port 82
:82

# Serve static files
file_server

# Fallback to index.html for everything but assets
@html {
  not path *.js *.css *.png *.svg *.ttf *.woff2

  file index.html
}

handle_errors {
  header Cache-Control no-store
}

rewrite @html {http.matchers.file.relative}

# Don't cache index.html and set CSP
header @html Cache-Control no-store
header @html Content-Security-Policy "
  default-src 'self';
  connect-src
    {$DOMAIN:https://node.deso.org}/api/v0/get-users-stateless
    {$DOMAIN:https://node.deso.org}/api/v0/get-app-state
    {$DOMAIN:https://node.deso.org}/api/v0/get-referral-info-for-referral-hash
    {$DOMAIN:https://node.deso.org}/api/v0/get-user-derived-keys
    {$DOMAIN:https://node.deso.org}/api/v0/get-transaction-spending
    {$DOMAIN:https://node.deso.org}/api/v0/send-phone-number-verification-text
    {$DOMAIN:https://node.deso.org}/api/v0/submit-phone-number-verification-code
  img-src 'self'
      {$DOMAIN:https://node.deso.org}/api/v0/get-single-profile-picture/;
  style-src 'self' 'unsafe-inline'
    https://fonts.googleapis.com
    https://cdn.jsdelivr.net/npm/bootstrap@4.6.0/dist/css/bootstrap.min.css;
  font-src 'self'
    https://fonts.googleapis.com
    https://fonts.gstatic.com
    https://ka-f.fontawesome.com;"