mirror of
https://github.com/snipe/snipe-it.git
synced 2024-11-10 07:34:06 -08:00
Change from ENV to config value for PUBLIC_AWS_URL
When running config:cache the env('PUBLIC_AWS'URL') value disappears and isn't available, so it doesn't get added to the CSP Policy.
This commit is contained in:
parent
ded61614d1
commit
18b1a155bf
|
@ -106,7 +106,10 @@ class SecurityHeaders
|
||||||
$csp_policy[] = "connect-src 'self'";
|
$csp_policy[] = "connect-src 'self'";
|
||||||
$csp_policy[] = "object-src 'none'";
|
$csp_policy[] = "object-src 'none'";
|
||||||
$csp_policy[] = "font-src 'self' data:";
|
$csp_policy[] = "font-src 'self' data:";
|
||||||
$csp_policy[] = "img-src 'self' data: ".config('app.url')." ".env('PUBLIC_AWS_URL')." https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com";
|
$csp_policy[] = "img-src 'self' data: ".config('app.url')." https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com";
|
||||||
|
if(config('filesystems.disks.public.driver') == 's3') {
|
||||||
|
$csp_policy[] = "img-src 'self' data: ".config('filesystems.disks.public.url');
|
||||||
|
}
|
||||||
$csp_policy = join(';', $csp_policy);
|
$csp_policy = join(';', $csp_policy);
|
||||||
$response->headers->set('Content-Security-Policy', $csp_policy);
|
$response->headers->set('Content-Security-Policy', $csp_policy);
|
||||||
}
|
}
|
||||||
|
|
Loading…
Reference in a new issue