Make Caddyfile more permissive: Remove MIME type restrictions and allow all content types

Leopere 2025-03-08 12:33:05 -05:00
parent 4de0435b6a
commit 1b99dfec36
1 changed files with 25 additions and 34 deletions


@ -13,29 +13,12 @@
# Enable compression for text-based resources # Enable compression for text-based resources
encode gzip zstd encode gzip zstd
# MIME type overrides for HLS streaming - allow multiple formats # Allow all file types - disable mime type checking
@m3u8Files {
path *.m3u8
}
@tsFiles {
path *.ts
}
# Support multiple MIME types for HLS
header @m3u8Files {
Content-Type "application/x-mpegURL, application/vnd.apple.mpegurl"
Access-Control-Allow-Origin "*"
}
header @tsFiles {
Content-Type "video/MP2T"
Access-Control-Allow-Origin "*"
}
# Security headers
header { header {
# Cross-Origin headers # Cross-Origin headers - allow everything
Cross-Origin-Embedder-Policy "require-corp" Access-Control-Allow-Origin "*"
Cross-Origin-Opener-Policy "same-origin" Access-Control-Allow-Methods "GET, OPTIONS, POST"
Cross-Origin-Resource-Policy "same-origin" Access-Control-Allow-Headers "*"
# Permissions Policy # Permissions Policy
Permissions-Policy "camera=(), microphone=(), geolocation=(), interest-cohort=()" Permissions-Policy "camera=(), microphone=(), geolocation=(), interest-cohort=()"
@ -46,8 +29,8 @@
# HSTS # HSTS
Strict-Transport-Security "max-age=31536000; includeSubDomains; preload" Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
# Content Type Options # Content Type Options - disable for more permissive handling
X-Content-Type-Options "nosniff" # X-Content-Type-Options "nosniff"
# XSS Protection # XSS Protection
X-XSS-Protection "1; mode=block" X-XSS-Protection "1; mode=block"
@ -55,13 +38,29 @@
# Frame Options (prevents clickjacking) # Frame Options (prevents clickjacking)
X-Frame-Options "SAMEORIGIN" X-Frame-Options "SAMEORIGIN"
# Update CSP to allow media content, scripts, and blob URLs with hashes # Permissive CSP that allows everything
Content-Security-Policy "default-src 'self'; script-src 'self' 'unsafe-inline' blob:; style-src 'self' 'unsafe-inline'; img-src 'self' https: data: blob:; media-src 'self' blob:; font-src 'self' data:; connect-src 'self'; frame-ancestors 'none'; worker-src 'self' blob:" Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;"
# Remove Server header # Remove Server header
-Server -Server
} }
# HLS specific handling - explicit MIME types for all m3u8 and ts files
@m3u8Files {
path *.m3u8
}
@tsFiles {
path *.ts
}
header @m3u8Files {
Content-Type "application/x-mpegURL"
Access-Control-Allow-Origin "*"
}
header @tsFiles {
Content-Type "video/MP2T"
Access-Control-Allow-Origin "*"
}
# Cache control for static assets - images, fonts, etc. # Cache control for static assets - images, fonts, etc.
@staticAssets { @staticAssets {
path *.jpg *.jpeg *.png *.webp *.avif *.gif *.ico *.svg *.woff *.woff2 *.ttf *.eot path *.jpg *.jpeg *.png *.webp *.avif *.gif *.ico *.svg *.woff *.woff2 *.ttf *.eot
@ -84,14 +83,6 @@
} }
header @htmlFiles Cache-Control "public, max-age=86400, must-revalidate" header @htmlFiles Cache-Control "public, max-age=86400, must-revalidate"
# HLS file handling
@hlsFiles {
path *.m3u8 *.ts
method GET HEAD
}
header @hlsFiles Cache-Control "public, max-age=300"
header @hlsFiles Access-Control-Allow-Origin "*"
# Static file server # Static file server
file_server { file_server {
root /srv # Root directory for serving static files root /srv # Root directory for serving static files
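Review bot: The new `Content-Security-Policy "default-src * 'unsafe-inline' 'unsafe-eval' data: blob:;"` line and the commented-out `X-Content-Type-Options "nosniff"` remove the script-injection and MIME-sniffing mitigations for every response served from this site block, not only for the HLS files the commit appears to be about. The old policy's `frame-ancestors 'none'` is dropped as well, and that directive does not fall back to `default-src`, so framing control now rests on `X-Frame-Options "SAMEORIGIN"` alone. Because the relocated `@m3u8Files` block now sends a single value, `Content-Type "application/x-mpegURL"`, instead of the old comma-joined pair, `nosniff` can probably stay on; I would restore `X-Content-Type-Options "nosniff"` and the previous CSP, then widen only the directive the browser console reports as blocking (presumably `media-src` or `connect-src`, to be confirmed). The site-wide `Access-Control-Allow-Origin "*"` with `Access-Control-Allow-Headers "*"` could likewise stay scoped to `@m3u8Files` and `@tsFiles`, which already set it. The `header` block spans three hunks, so lines between them are not visible here.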