mirror of
https://github.com/Bubka/2FAuth.git
synced 2024-11-22 00:03:09 +01:00
Disable CSP
This commit is contained in:
parent
3d7ba56d73
commit
9e6086984f
@ -279,7 +279,7 @@ PROXY_FOR_OUTGOING_REQUESTS=null
|
||||
# This is mainly used as a defense against cross-site scripting (XSS) attacks, in which
|
||||
# an attacker is able to inject malicious code into the web app
|
||||
|
||||
CONTENT_SECURITY_POLICY=true
|
||||
CONTENT_SECURITY_POLICY=false
|
||||
|
||||
|
||||
# Leave the following configuration vars as is.
|
||||
|
2
Dockerfile
vendored
2
Dockerfile
vendored
@ -242,7 +242,7 @@ ENV \
|
||||
# CSP helps to prevent or minimize the risk of certain types of security threats.
|
||||
# This is mainly used as a defense against cross-site scripting (XSS) attacks, in which
|
||||
# an attacker is able to inject malicious code into the web app
|
||||
CONTENT_SECURITY_POLICY=true \
|
||||
CONTENT_SECURITY_POLICY=false \
|
||||
# Leave the following configuration vars as is.
|
||||
# Unless you like to tinker and know what you're doing.
|
||||
BROADCAST_DRIVER=log \
|
||||
|
@ -16,13 +16,13 @@ class AddContentSecurityPolicyHeaders
|
||||
*/
|
||||
public function handle(Request $request, Closure $next) : Response
|
||||
{
|
||||
if (config('2fauth.config.contentSecurityPolicy')) {
|
||||
Vite::useCspNonce();
|
||||
// if (config('2fauth.config.contentSecurityPolicy')) {
|
||||
// Vite::useCspNonce();
|
||||
|
||||
return $next($request)->withHeaders([
|
||||
'Content-Security-Policy' => "script-src 'nonce-" . Vite::cspNonce() . "';style-src 'self' 'unsafe-inline';connect-src 'self';img-src 'self' data:;object-src 'none';",
|
||||
]);
|
||||
}
|
||||
// return $next($request)->withHeaders([
|
||||
// 'Content-Security-Policy' => "script-src 'nonce-" . Vite::cspNonce() . "';style-src 'self' 'unsafe-inline';connect-src 'self';img-src 'self' data:;object-src 'none';",
|
||||
// ]);
|
||||
// }
|
||||
|
||||
return $next($request);
|
||||
}
|
||||
|
@ -31,7 +31,7 @@
|
||||
'proxyLogoutUrl' => env('PROXY_LOGOUT_URL', null),
|
||||
'appSubdirectory' => env('APP_SUBDIRECTORY', ''),
|
||||
'authLogRetentionTime' => envUnlessEmpty('AUTHENTICATION_LOG_RETENTION', 365),
|
||||
'contentSecurityPolicy' => envUnlessEmpty('CONTENT_SECURITY_POLICY', true),
|
||||
'contentSecurityPolicy' => envUnlessEmpty('CONTENT_SECURITY_POLICY', false),
|
||||
],
|
||||
|
||||
/*
|
||||
|
@ -139,7 +139,7 @@ services:
|
||||
# CSP helps to prevent or minimize the risk of certain types of security threats.
|
||||
# This is mainly used as a defense against cross-site scripting (XSS) attacks, in which
|
||||
# an attacker is able to inject malicious code into the web app
|
||||
- CONTENT_SECURITY_POLICY=true
|
||||
- CONTENT_SECURITY_POLICY=false
|
||||
# Leave the following configuration vars as is.
|
||||
# Unless you like to tinker and know what you're doing.
|
||||
- BROADCAST_DRIVER=log
|
||||
|
Loading…
Reference in New Issue
Block a user