marcel/familienarchiv
1
0
Fork 0
Code Issues 110 Pull Requests Actions Packages Projects Releases Wiki Activity

devops(caddy): add HSTS to GlitchTip vhost

Browse Source 
Caddy does not set Strict-Transport-Security on GlitchTip because the
full security_headers snippet is intentionally omitted (Permissions-Policy
interferes with the Sentry SDK CORS). Adding HSTS alone guarantees
HTTPS enforcement at the Caddy layer without breaking SDK ingestion.

Co-Authored-By: Claude Sonnet 4.6 <noreply@anthropic.com>
This commit is contained in:
Marcel
2026-05-15 13:43:35 +02:00
parent 4c8a23ff14
commit b137e3e72d
1 changed files with 1 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

1
infra/caddy/Caddyfile
View File

@@ -95,5 +95,6 @@ grafana.archiv.raddatz.cloud {
} }
glitchtip.archiv.raddatz.cloud { glitchtip.archiv.raddatz.cloud {
header Strict-Transport-Security "max-age=31536000; includeSubDomains; preload"
reverse_proxy 127.0.0.1:3002 reverse_proxy 127.0.0.1:3002
} }