Merge branch 'develop'
commit
0b968e1d6b
|
@ -69,7 +69,7 @@ SECURE_COOKIES=false
|
|||
# OPTIONAL: SECURITY HEADER SETTINGS
|
||||
# --------------------------------------------
|
||||
REFERRER_POLICY=strict-origin
|
||||
DISABLE_CSP=false
|
||||
ENABLE_CSP=false
|
||||
|
||||
|
||||
# --------------------------------------------
|
||||
|
|
|
@ -14,14 +14,14 @@ class ContentSecurityPolicyHeader
|
|||
*/
|
||||
public function handle($request, Closure $next)
|
||||
{
|
||||
if ((config('app.debug')=='true') || (config('app.disable_csp')=='true')) {
|
||||
if ((config('app.debug')=='true') || (config('app.enable_csp')!='true')) {
|
||||
$response = $next($request);
|
||||
return $response;
|
||||
}
|
||||
|
||||
$policy[] = "default-src 'self'";
|
||||
$policy[] = "style-src 'self' 'unsafe-inline' oss.maxcdn.com";
|
||||
$policy[] = "script-src 'self' oss.mafxcdn.com cdnjs.cloudflare.com 'nonce-".csrf_token()."'";
|
||||
$policy[] = "script-src 'self' 'unsafe-inline' oss.mafxcdn.com cdnjs.cloudflare.com 'nonce-".csrf_token()."'";
|
||||
$policy[] = "connect-src 'self'";
|
||||
$policy[] = "object-src 'none'";
|
||||
$policy[] = "font-src 'self' data:";
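Review bot: The `script-src` line allowlists `oss.mafxcdn.com`, while `style-src` just above and the layout's respond.min.js tag both use `oss.maxcdn.com`, so this looks like a typo that blocks the intended CDN script and trusts a host the project presumably does not control; it should read `oss.maxcdn.com`. The `'unsafe-inline'` added on the new line is ignored by browsers that honour the nonce and only loosens the policy for older ones, so it deserves a comment marking it as a legacy fallback, or removal. The nonce is `csrf_token()`, here and in the layout hunk's `nonce="{{ csrf_token() }}"` attributes, which ties the CSP nonce to a value that normally stays fixed for the session instead of a fresh random value per response; a dedicated per-response nonce would keep the two secrets separate. handle() continues past the end of the hunk.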
|
||||
|
|
|
@ -183,7 +183,7 @@ return [
|
|||
|
|
||||
*/
|
||||
|
||||
'disable_csp' => env('DISABLE_CSP', false),
|
||||
'enable_csp' => env('ENABLE_CSP', false),
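Review bot: With the key renamed and the default left at `false`, an install that never sets ENABLE_CSP, including an upgrade that relied on the old `DISABLE_CSP=false`, stops sending the Content-Security-Policy header without any warning. A comment above the entry would make that explicit, e.g. `// CSP is opt-in: the header is only sent when ENABLE_CSP=true; the old DISABLE_CSP key is no longer read.` The middleware tests this value with a loose `!='true'`, so a value such as `ENABLE_CSP=1` probably leaves the header off as well; a plain truthiness check, `!config('app.enable_csp')`, would be less surprising. The surrounding array starts and ends outside the hunk.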
|
||||
|
||||
|
||||
|
||||
|
|
|
@ -84,8 +84,8 @@
|
|||
<script src="https://oss.maxcdn.com/respond/1.4.2/respond.min.js" integrity="sha384-ZoaMbDF+4LeFxg6WdScQ9nnR1QC2MIRxA1O9KWEXQwns1G8UNyIEZIQidzb0T1fo" crossorigin="anonymous"></script>
|
||||
|
||||
@else
|
||||
<script src="{{ url(asset('js/html5shiv.js')) }}"></script>
|
||||
<script src="{{ url(asset('js/respond.js')) }}"></script>
|
||||
<script src="{{ url(asset('js/html5shiv.js')) }}" nonce="{{ csrf_token() }}"></script>
|
||||
<script src="{{ url(asset('js/respond.js')) }}" nonce="{{ csrf_token() }}"></script>
|
||||
@endif
|
||||
<![endif]-->
|
||||
</head>
|
||||
|
|