mirror of
https://github.com/Bubka/2FAuth.git
synced 2024-12-23 23:49:53 +01:00
Update CSP
This commit is contained in:
parent
ce1692eaf4
commit
fd695c7765
5
Dockerfile
vendored
5
Dockerfile
vendored
@ -238,6 +238,11 @@ ENV \
|
||||
# You can provide a proxy URL that contains a scheme, username, and password.
|
||||
# For example, "http://username:password@192.168.16.1:10".
|
||||
PROXY_FOR_OUTGOING_REQUESTS=null \
|
||||
# Set this to true to enable Content-Security-Policy (CSP).
|
||||
# CSP helps to prevent or minimize the risk of certain types of security threats.
|
||||
# This is mainly used as a defense against cross-site scripting (XSS) attacks, in which
|
||||
# an attacker is able to inject malicious code into the web app
|
||||
CONTENT_SECURITY_POLICY=true \
|
||||
# Leave the following configuration vars as is.
|
||||
# Unless you like to tinker and know what you're doing.
|
||||
BROADCAST_DRIVER=log \
|
||||
|
@ -20,7 +20,7 @@ public function handle(Request $request, Closure $next) : Response
|
||||
Vite::useCspNonce();
|
||||
|
||||
return $next($request)->withHeaders([
|
||||
'Content-Security-Policy' => "script-src 'nonce-" . Vite::cspNonce() . "';style-src 'self' 'unsafe-inline';connect-src 'self';img-src 'self' data:;object-src 'none';base-uri 'none';",
|
||||
'Content-Security-Policy' => "script-src 'nonce-" . Vite::cspNonce() . "';style-src 'self' 'unsafe-inline';connect-src 'self';img-src 'self' data:;object-src 'none';",
|
||||
]);
|
||||
}
|
||||
|
||||
|
@ -135,6 +135,11 @@ services:
|
||||
# You can provide a proxy URL that contains a scheme, username, and password.
|
||||
# For example, "http://username:password@192.168.16.1:10".
|
||||
- PROXY_FOR_OUTGOING_REQUESTS=null
|
||||
# Set this to true to enable Content-Security-Policy (CSP).
|
||||
# CSP helps to prevent or minimize the risk of certain types of security threats.
|
||||
# This is mainly used as a defense against cross-site scripting (XSS) attacks, in which
|
||||
# an attacker is able to inject malicious code into the web app
|
||||
- CONTENT_SECURITY_POLICY=true
|
||||
# Leave the following configuration vars as is.
|
||||
# Unless you like to tinker and know what you're doing.
|
||||
- BROADCAST_DRIVER=log
|
||||
|
Loading…
Reference in New Issue
Block a user