Change from ENV to config value for PUBLIC_AWS_URL

When running config:cache the env('PUBLIC_AWS'URL') value disappears and isn't available, so it doesn't get added to the CSP Policy.
This commit is contained in:
Thomas Misilo 2021-05-05 11:05:22 -05:00
parent ded61614d1
commit 18b1a155bf

View file

@ -106,7 +106,10 @@ class SecurityHeaders
$csp_policy[] = "connect-src 'self'"; $csp_policy[] = "connect-src 'self'";
$csp_policy[] = "object-src 'none'"; $csp_policy[] = "object-src 'none'";
$csp_policy[] = "font-src 'self' data:"; $csp_policy[] = "font-src 'self' data:";
$csp_policy[] = "img-src 'self' data: ".config('app.url')." ".env('PUBLIC_AWS_URL')." https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com"; $csp_policy[] = "img-src 'self' data: ".config('app.url')." https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com";
if(config('filesystems.disks.public.driver') == 's3') {
$csp_policy[] = "img-src 'self' data: ".config('filesystems.disks.public.url');
}
$csp_policy = join(';', $csp_policy); $csp_policy = join(';', $csp_policy);
$response->headers->set('Content-Security-Policy', $csp_policy); $response->headers->set('Content-Security-Policy', $csp_policy);
} }