{
    # Global option: switches Caddy's logging to debug level for the whole server.
    # NOTE(review): intended for troubleshooting. Debug logs are verbose and can
    # record request details, so confirm this is removed (or log access is
    # restricted) before the proxy serves production traffic.
    debug
}

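# Primary site for the application
m040tbaraspi001.de040.corpintra.net, m040tbaraspi001, localhost {
    # Certificates come from Caddy's internal CA. Clients only get a trusted
    # connection if that CA's root certificate is installed in their trust store.
    tls internal

    # Named matchers have to be declared at site level. Inside a `header { }`
    # block every line is read as a header operation, so matchers defined there
    # never take effect as matchers.
    @static path *.js *.css *.png *.jpg *.svg *.ico *.woff *.woff2
    @dynamic not path *.js *.css *.png *.jpg *.svg *.ico *.woff *.woff2
    @oauth path /auth/login/callback*

    # Security headers applied to every response
    header {
        # NOTE(review): includeSubDomains also covers every subdomain of the
        # short hostname and of localhost once a browser has stored the policy;
        # confirm that is intended for all three site names.
        Strict-Transport-Security "max-age=31536000; includeSubDomains"
        X-Content-Type-Options "nosniff"
        X-Frame-Options "SAMEORIGIN"
        Referrer-Policy "strict-origin-when-cross-origin"
    }

    # Static assets may be cached for one day
    header @static Cache-Control "public, max-age=86400"

    # Dynamic content must not be cached
    header @dynamic Cache-Control "no-store, no-cache, must-revalidate"

    # OAuth login callback: proxied to the same upstream with its own
    # Cache-Control value. HTTP -> HTTPS redirects are done by Caddy's automatic
    # HTTPS, not by this block.
    # NOTE(review): "no-cache" here replaces the stricter @dynamic value for the
    # callback path. The callback URL carries the authorization response, so
    # consider "no-store" unless the weaker policy is required.
    handle @oauth {
        header Cache-Control "no-cache"
        reverse_proxy myp-rp:3000
    }

    # Everything else goes to the application upstream
    reverse_proxy myp-rp:3000
}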