feat: update Caddyfile

Author: webees

config/Caddyfile

@@ -28,38 +28,31 @@
 	}
 
 	# Domain Access Control
-	@allowed_domain {
-		# If CADDY_DOMAINS is not set, allow all
-		expression {env.CADDY_DOMAINS} == ""
-		# Or if the host matches the allowed list
-		host {$CADDY_DOMAINS}
-	}
-
-	# Deny everything else if CADDY_DOMAINS is set
-	handle @allowed_domain {
-		# Main Reverse Proxy Logic
-		handle {
-			encode zstd gzip
-
-			# Harden security posture
-			header {
-				Strict-Transport-Security "max-age=31536000;"
-				X-Content-Type-Options "nosniff"
-				X-Frame-Options "DENY"
-				X-XSS-Protection "1; mode=block"
-				Referrer-Policy "strict-origin-when-cross-origin"
-				Permissions-Policy "camera=(), microphone=(), geolocation=(), payment=()"
-				X-Robots-Tag "noindex, nofollow"
-				-Server
-				-X-Powered-By
-				-Last-Modified
-			}
+	# Allow if CADDY_DOMAINS is empty OR host matches (using :localhost to avoid empty host error)
+	@allowed expression {env.CADDY_DOMAINS} == "" || host("{$CADDY_DOMAINS:localhost}")
+
+	# Main Application Logic (Only for allowed domains)
+	handle @allowed {
+		encode zstd gzip
+
+		# Harden security posture
+		header {
+			Strict-Transport-Security "max-age=31536000;"
+			X-Content-Type-Options "nosniff"
+			X-Frame-Options "DENY"
+			X-XSS-Protection "1; mode=block"
+			Referrer-Policy "strict-origin-when-cross-origin"
+			Permissions-Policy "camera=(), microphone=(), geolocation=(), payment=()"
+			X-Robots-Tag "noindex, nofollow"
+			-Server
+			-X-Powered-By
+			-Last-Modified
+		}
 
-			# Proxy to the application backend
-			reverse_proxy 127.0.0.1:8080 {
-				header_up X-Real-IP {http.request.header.Fly-Client-IP}
-				header_up X-Forwarded-For {http.request.header.Fly-Client-IP}
-			}
+		# Proxy to the application backend
+		reverse_proxy 127.0.0.1:8080 {
+			header_up X-Real-IP {http.request.header.Fly-Client-IP}
+			header_up X-Forwarded-For {http.request.header.Fly-Client-IP}
 		}
 	}