Update CSP

This commit is contained in:
Bubka 2024-11-17 22:57:15 +01:00
parent ce1692eaf4
commit fd695c7765
3 changed files with 11 additions and 1 deletions

5
Dockerfile vendored
View File

@ -238,6 +238,11 @@ ENV \
# You can provide a proxy URL that contains a scheme, username, and password.
# For example, "http://username:password@192.168.16.1:10".
PROXY_FOR_OUTGOING_REQUESTS=null \
# Set this to true to enable Content-Security-Policy (CSP).
# CSP helps to prevent or minimize the risk of certain types of security threats.
# This is mainly used as a defense against cross-site scripting (XSS) attacks, in which
# an attacker is able to inject malicious code into the web app
CONTENT_SECURITY_POLICY=true \
# Leave the following configuration vars as is.
# Unless you like to tinker and know what you're doing.
BROADCAST_DRIVER=log \

View File

@ -20,7 +20,7 @@ public function handle(Request $request, Closure $next) : Response
Vite::useCspNonce();
return $next($request)->withHeaders([
'Content-Security-Policy' => "script-src 'nonce-" . Vite::cspNonce() . "';style-src 'self' 'unsafe-inline';connect-src 'self';img-src 'self' data:;object-src 'none';base-uri 'none';",
'Content-Security-Policy' => "script-src 'nonce-" . Vite::cspNonce() . "';style-src 'self' 'unsafe-inline';connect-src 'self';img-src 'self' data:;object-src 'none';",
]);
}

View File

@ -135,6 +135,11 @@ services:
# You can provide a proxy URL that contains a scheme, username, and password.
# For example, "http://username:password@192.168.16.1:10".
- PROXY_FOR_OUTGOING_REQUESTS=null
# Set this to true to enable Content-Security-Policy (CSP).
# CSP helps to prevent or minimize the risk of certain types of security threats.
# This is mainly used as a defense against cross-site scripting (XSS) attacks, in which
# an attacker is able to inject malicious code into the web app
- CONTENT_SECURITY_POLICY=true
# Leave the following configuration vars as is.
# Unless you like to tinker and know what you're doing.
- BROADCAST_DRIVER=log