Make Caddyfile more permissive: Remove MIME type restrictions and allow all content types

2025-03-08 12:33:05 -05:00 · 2025-03-08 12:33:05 -05:00 · 1b99dfec36
parent 4de0435b6a
commit 1b99dfec36
1 changed files with 25 additions and 34 deletions
--- a/docker/showerloop/Caddyfile.default.template
+++ b/docker/showerloop/Caddyfile.default.template
@ -13,29 +13,12 @@
    # Enable compression for text-based resources
    encode gzip zstd

-    # MIME type overrides for HLS streaming - allow multiple formats
-    @m3u8Files {
-        path *.m3u8
-    }
-    @tsFiles {
-        path *.ts
-    }
-    # Support multiple MIME types for HLS
-    header @m3u8Files {
-        Content-Type "application/x-mpegURL, application/vnd.apple.mpegurl"
-        Access-Control-Allow-Origin "*"
-    }
-    header @tsFiles {
-        Content-Type "video/MP2T"
-        Access-Control-Allow-Origin "*"
-    }
-
-    # Security headers
+    # Allow all file types - disable mime type checking
    header {
-        # Cross-Origin headers
-        Cross-Origin-Embedder-Policy "require-corp"
-        Cross-Origin-Opener-Policy "same-origin"
-        Cross-Origin-Resource-Policy "same-origin"
+        # Cross-Origin headers - allow everything
+        Access-Control-Allow-Origin "*"
+        Access-Control-Allow-Methods "GET, OPTIONS, POST"
+        Access-Control-Allow-Headers "*"
        
        # Permissions Policy
        Permissions-Policy "camera=(), microphone=(), geolocation=(), interest-cohort=()"
@ -46,8 +29,8 @@
        # HSTS
        Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
        
-        # Content Type Options
-        X-Content-Type-Options "nosniff"
+        # Content Type Options - disable for more permissive handling
+        # X-Content-Type-Options "nosniff"
        
        # XSS Protection
        X-XSS-Protection "1; mode=block"
@ -55,13 +38,29 @@
        # Frame Options (prevents clickjacking)
        X-Frame-Options "SAMEORIGIN"
        
-        # Update CSP to allow media content, scripts, and blob URLs with hashes
-        Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' blob:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; worker-src 'self' blob:"
+        # Permissive CSP that allows everything
+        Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;"
        
        # Remove Server header
        -Server
    }

+    # HLS specific handling - explicit MIME types for all m3u8 and ts files
+    @m3u8Files {
+        path *.m3u8
+    }
+    @tsFiles {
+        path *.ts
+    }
+    header @m3u8Files {
+        Content-Type "application/x-mpegURL"
+        Access-Control-Allow-Origin "*"
+    }
+    header @tsFiles {
+        Content-Type "video/MP2T"
+        Access-Control-Allow-Origin "*"
+    }
+
    # Cache control for static assets - images, fonts, etc.
    @staticAssets {
        path *.jpg *.jpeg *.png *.webp *.avif *.gif *.ico *.svg *.woff *.woff2 *.ttf *.eot
@ -84,14 +83,6 @@
    }
    header @htmlFiles Cache-Control "public, max-age=86400, must-revalidate"

-    # HLS file handling
-    @hlsFiles {
-        path *.m3u8 *.ts
-        method GET HEAD
-    }
-    header @hlsFiles Cache-Control "public, max-age=300"
-    header @hlsFiles Access-Control-Allow-Origin "*"
-
    # Static file server
    file_server {
        root /srv # Root directory for serving static files