extern/2FAuth
1
0
Fork 0
mirror of https://github.com/Bubka/2FAuth.git synced 2025-01-11 16:58:58 +01:00
Code Issues Packages Projects Releases Wiki Activity

Update CSP

Browse Source
This commit is contained in:
Bubka 2024-11-17 22:57:15 +01:00
parent ce1692eaf4
commit fd695c7765
3 changed files with 11 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

5
Dockerfile vendored
View File

@ -238,6 +238,11 @@ ENV \
# You can provide a proxy URL that contains a scheme, username, and password. # You can provide a proxy URL that contains a scheme, username, and password.
# For example, "http://username:password@192.168.16.1:10". # For example, "http://username:password@192.168.16.1:10".
PROXY_FOR_OUTGOING_REQUESTS=null \ PROXY_FOR_OUTGOING_REQUESTS=null \
# Set this to true to enable Content-Security-Policy (CSP).
# CSP helps to prevent or minimize the risk of certain types of security threats.
# This is mainly used as a defense against cross-site scripting (XSS) attacks, in which
# an attacker is able to inject malicious code into the web app
CONTENT_SECURITY_POLICY=true \
# Leave the following configuration vars as is. # Leave the following configuration vars as is.
# Unless you like to tinker and know what you're doing. # Unless you like to tinker and know what you're doing.
BROADCAST_DRIVER=log \ BROADCAST_DRIVER=log \

2
app/Http/Middleware/AddContentSecurityPolicyHeaders.php
View File

@ -20,7 +20,7 @@ public function handle(Request $request, Closure $next) : Response
Vite::useCspNonce(); Vite::useCspNonce();
return $next($request)->withHeaders([ return $next($request)->withHeaders([
'Content-Security-Policy' => "script-src 'nonce-" . Vite::cspNonce() . "';style-src 'self' 'unsafe-inline';connect-src 'self';img-src 'self' data:;object-src 'none';base-uri 'none';", 'Content-Security-Policy' => "script-src 'nonce-" . Vite::cspNonce() . "';style-src 'self' 'unsafe-inline';connect-src 'self';img-src 'self' data:;object-src 'none';",
]); ]);
} }

5
docker/docker-compose.yml
View File

@ -135,6 +135,11 @@ services:
# You can provide a proxy URL that contains a scheme, username, and password. # You can provide a proxy URL that contains a scheme, username, and password.
# For example, "http://username:password@192.168.16.1:10". # For example, "http://username:password@192.168.16.1:10".
- PROXY_FOR_OUTGOING_REQUESTS=null - PROXY_FOR_OUTGOING_REQUESTS=null
# Set this to true to enable Content-Security-Policy (CSP).
# CSP helps to prevent or minimize the risk of certain types of security threats.
# This is mainly used as a defense against cross-site scripting (XSS) attacks, in which
# an attacker is able to inject malicious code into the web app
- CONTENT_SECURITY_POLICY=true
# Leave the following configuration vars as is. # Leave the following configuration vars as is.
# Unless you like to tinker and know what you're doing. # Unless you like to tinker and know what you're doing.
- BROADCAST_DRIVER=log - BROADCAST_DRIVER=log