(security) {
    header * {
        -Server
        -Date

        Strict-Transport-Security "max-age=31536000; includeSubDomains"
        Content-Security-Policy "default-src 'self' 'unsafe-inline' https://fonts.gstatic.com https://fonts.googleapis.com https://cdn.jsdelivr.net;"
        Feature-Policy "geolocation none;midi none;notifications none;push none;sync-xhr none;microphone none;camera none;magnetometer none;gyroscope none;speaker self;vibrate none;fullscreen self;payment none;"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "DENY"
        X-XSS-Protection "1; mode=block"
        Referrer-Policy "origin"
    }
}

localhost {
    @static {
        path *.css *.js
        file
    }

    @404 {
        expression {http.error.status_code} == 404
    }

    route /* {
        reverse_proxy http://localhost:3000
    }

    handle_errors {
        rewrite @404 /404.html
        reverse_proxy http://localhost:3000
    }

    route /api/* {
        uri strip_prefix /api
        reverse_proxy http://localhost:8081
    }

    header @static Cache-Control "public, max-age=31536000"

    encode gzip
    root * /home/hubert/Workspace/Notes-TFE/frontend/dist
    log

    import security
}

www.localhost {
    redir * https://localhost{path}
}