Complete CSP authorized hosts to restore QR scan & background images - Fixes #472

Bubka 2025-04-11 22:58:51 +02:00
parent 83d1394afa
commit ef03c1433d


@ -21,6 +21,7 @@ class AddContentSecurityPolicyHeaders
// We build a space separated list of addresses to be allowed.
Vite::useCspNonce();
$authorizedAddresses[] = config('app.url') . ':*';
$authorizedAddresses[] = 'https://fastly.jsdelivr.net:*';
// We add custom asset url if defined
if (config('app.asset_url') && config('app.asset_url') != config('app.url')) {
@ -42,7 +43,7 @@ class AddContentSecurityPolicyHeaders
$directives['script-src'] = "script-src 'nonce-" . Vite::cspNonce() . "' 'strict-dynamic'";
$directives['style-src'] = "style-src 'self' " . $authorizedAddresses . " 'unsafe-inline'";
$directives['connect-src'] = "connect-src 'self' " . $authorizedAddresses;
$directives['img-src'] = "img-src 'self' " . $authorizedAddresses;
$directives['img-src'] = "img-src 'self' data: " . $authorizedAddresses;
$directives['object-src'] = "object-src 'none'";
$directives['default-src'] = "default-src 'self'";
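Review bot: The `https://fastly.jsdelivr.net:*` entry (apparently the line the first hunk adds) goes into the shared `$authorizedAddresses` list, which the second hunk shows interpolated into `style-src`, `connect-src` and `img-src` alike, so a public CDN that serves arbitrary npm and GitHub content becomes an allowed source for all three directives, on any port. If only the QR scanner needs it (presumably a fetch, so `connect-src`; to be confirmed), scope it to that directive and drop the port wildcard: `$directives['connect-src'] = "connect-src 'self' https://fastly.jsdelivr.net " . $authorizedAddresses;`. The `data:` addition to `img-src` is narrow and matches the background-image fix; a short comment such as `// data: needed for background images, see #472` would record why it is there. The enclosing method starts and ends outside both hunks, so how `$authorizedAddresses` is turned into a string is not visible here.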