mirror of
https://github.com/searxng/searxng-docker.git
synced 2026-07-18 22:11:25 +00:00
merge upstream changes
This commit is contained in:
33
Caddyfile
33
Caddyfile
@@ -33,20 +33,21 @@ encode zstd gzip
|
||||
path /stats/checker
|
||||
}
|
||||
|
||||
@static {
|
||||
path /static/*
|
||||
@search {
|
||||
path /search
|
||||
}
|
||||
|
||||
@imageproxy {
|
||||
path /image_proxy
|
||||
}
|
||||
|
||||
header {
|
||||
# Force clients to use HTTPS
|
||||
Strict-Transport-Security "max-age=31536000"
|
||||
@static {
|
||||
path /static/*
|
||||
}
|
||||
|
||||
# Prevent MIME type sniffing from the declared Content-Type
|
||||
X-Content-Type-Options "nosniff"
|
||||
header {
|
||||
# CSP (https://content-security-policy.com)
|
||||
Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src * data:; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com;"
|
||||
|
||||
# Disable some browser features
|
||||
Permissions-Policy "accelerometer=(),camera=(),geolocation=(),gyroscope=(),magnetometer=(),microphone=(),payment=(),usb=()"
|
||||
@@ -54,6 +55,12 @@ header {
|
||||
# Set referrer policy
|
||||
Referrer-Policy "no-referrer"
|
||||
|
||||
# Force clients to use HTTPS
|
||||
Strict-Transport-Security "max-age=31536000"
|
||||
|
||||
# Prevent MIME type sniffing from the declared Content-Type
|
||||
X-Content-Type-Options "nosniff"
|
||||
|
||||
# X-Robots-Tag (comment to allow site indexing)
|
||||
X-Robots-Tag "noindex, noarchive, nofollow"
|
||||
|
||||
@@ -67,13 +74,11 @@ header @api {
|
||||
}
|
||||
|
||||
route {
|
||||
# Caching
|
||||
header Cache-Control "no-cache, no-store"
|
||||
header @static Cache-Control "public, max-age=31536000"
|
||||
|
||||
# CSP (https://content-security-policy.com)
|
||||
header Content-Security-Policy "upgrade-insecure-requests; default-src 'none'; script-src 'self'; style-src 'self' 'unsafe-inline'; form-action 'self' https://github.com/searxng/searxng/issues/new; font-src 'self'; frame-ancestors 'self'; base-uri 'self'; connect-src 'self' https://overpass-api.de; img-src 'self' data: https://*.tile.openstreetmap.org; frame-src https://www.youtube-nocookie.com https://player.vimeo.com https://www.dailymotion.com https://www.deezer.com https://www.mixcloud.com https://w.soundcloud.com https://embed.spotify.com"
|
||||
header @imageproxy Content-Security-Policy "default-src 'none'; img-src 'self' data:"
|
||||
# Cache policy
|
||||
header Cache-Control "max-age=0, no-store"
|
||||
header @search Cache-Control "max-age=5, private"
|
||||
header @imageproxy Cache-Control "max-age=604800, public"
|
||||
header @static Cache-Control "max-age=31536000, public, immutable"
|
||||
}
|
||||
|
||||
# SearXNG (uWSGI)
|
||||
|
||||
Reference in New Issue
Block a user