ISL runs as a systemd service on the host, not in Docker. Point Caddy to 172.18.0.1:3011 (Docker gateway) instead of isl-server:3011. Strip X-Frame-Options and use CSP frame-ancestors to allow embedding from grove.host. Co-Authored-By: Claude Opus 4.6 <noreply@anthropic.com>
| @@ -87,16 +87,20 @@ | ||
| 87 | 87 | |
| 88 | 88 | isl.{$DOMAIN} { |
| 89 | 89 | handle /ws { |
| 90 | reverse_proxy isl-server:3011 | |
| 90 | reverse_proxy 172.18.0.1:3011 { | |
| 91 | header_down -X-Frame-Options | |
| 92 | } | |
| 91 | 93 | } |
| 92 | 94 | |
| 93 | 95 | handle { |
| 94 | reverse_proxy isl-server:3011 | |
| 96 | reverse_proxy 172.18.0.1:3011 { | |
| 97 | header_down -X-Frame-Options | |
| 98 | } | |
| 95 | 99 | } |
| 96 | 100 | |
| 97 | 101 | header { |
| 98 | 102 | X-Content-Type-Options nosniff |
| 99 | X-Frame-Options SAMEORIGIN | |
| 103 | Content-Security-Policy "frame-ancestors https://grove.host https://*.grove.host" | |
| 100 | 104 | } |
| 101 | 105 | } |
| 102 | 106 | |
| 103 | 107 | |