diff --git a/.env.example b/.env.example
index 8f3e5a2d69..47e3b96609 100644
--- a/.env.example
+++ b/.env.example
@@ -96,6 +96,7 @@ APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
 ALLOW_IFRAMING=false
 REFERRER_POLICY=same-origin
 ENABLE_CSP=false
+ADDITIONAL_CSP_URLS=null
 CORS_ALLOWED_ORIGINS=null
 ENABLE_HSTS=false
diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php
index 2e81facc76..c505018e64 100755
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@@ -72,7 +72,7 @@ class ProfileController extends Controller
 if ($user->save()) {
- return redirect()->route('profile')->with('success', 'Account successfully updated');
+ return redirect()->route('profile')->with('success', trans('account.general.profile_updated'));
 }
 return redirect()->back()->withInput()->withErrors($user->getErrors());
diff --git a/app/Http/Middleware/SecurityHeaders.php b/app/Http/Middleware/SecurityHeaders.php
index 25f0461fcf..8e6c17b4e7 100644
--- a/app/Http/Middleware/SecurityHeaders.php
+++ b/app/Http/Middleware/SecurityHeaders.php
@@ -88,13 +88,13 @@ class SecurityHeaders
 $csp_policy[] = "connect-src 'self'";
 $csp_policy[] = "object-src 'none'";
 $csp_policy[] = "font-src 'self' data:";
- $csp_policy[] = "img-src 'self' data: ".config('app.url').' '.env('PUBLIC_AWS_URL').' https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com';
+ $csp_policy[] = "img-src 'self' data: ".config('app.url').' '.config('app.additional_csp_urls').' '.env('PUBLIC_AWS_URL').' https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com';
 if (config('filesystems.disks.public.driver') == 's3') {
 $csp_policy[] = "img-src 'self' data: ".config('filesystems.disks.public.url');
 }
 $csp_policy = join(';', $csp_policy);
-
+
 $response->headers->set('Content-Security-Policy', $csp_policy);
 }
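Review bot: The new `config('app.additional_csp_urls')` value is spliced into the img-src directive verbatim, so the only thing keeping `;`, `,`, quotes or stray whitespace out of the Content-Security-Policy header is operator discipline — a mistyped value silently changes the policy beyond img-src, and nothing checks that each token even looks like a CSP source expression. I would split the setting on whitespace and keep only tokens that match a conservative origin character class before joining them in (sketch below; widen the class if you need quoted keywords such as `'self'`). The `.env.example` hunk in this same commit sets `ADDITIONAL_CSP_URLS=null` while `config/app.php` defaults the key to `''`; Laravel's env() helper presumably turns the literal string null into PHP null so both end up as an empty segment here, but the example would be clearer as `ADDITIONAL_CSP_URLS=` with a comment such as `# Space-separated extra origins appended to the img-src CSP directive`. Note also that the setting only extends img-src, which the variable name does not convey. The enclosing method of SecurityHeaders continues outside the hunk.
```php
// … unchanged: connect-src / object-src / font-src entries …
// Operator-supplied extra image origins: split on whitespace and drop any token that
// could terminate the directive or start another one (';', ',', quotes, control chars).
$extraImgSources = array_filter(
    preg_split('/\s+/', trim((string) config('app.additional_csp_urls'))),
    static fn (string $source): bool => $source !== '' && preg_match('/^[A-Za-z0-9*.:\/_-]+$/', $source) === 1,
);
$csp_policy[] = "img-src 'self' data: ".config('app.url').' '.implode(' ', $extraImgSources).' '.env('PUBLIC_AWS_URL').' https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com';
// … unchanged: s3 branch, join, header set …
```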
diff --git a/config/app.php b/config/app.php
index eb288f5feb..2c25cd645b 100755
--- a/config/app.php
+++ b/config/app.php
@@ -201,6 +201,9 @@ return [
 'enable_csp' => env('ENABLE_CSP', true),
+ 'additional_csp_urls' => env('ADDITIONAL_CSP_URLS', ''),
+
+
 /*
 |--------------------------------------------------------------------------
diff --git a/resources/lang/en-US/account/general.php b/resources/lang/en-US/account/general.php
index 7fc060a849..1fc28f3409 100644
--- a/resources/lang/en-US/account/general.php
+++ b/resources/lang/en-US/account/general.php
@@ -9,4 +9,5 @@ return array(
 'api_token_expiration_time' => 'API tokens are set to expire in:',
 'api_reference' => 'Please check the API reference to find specific API endpoints and additional API documentation.',
+ 'profile_updated' => 'Account successfully updated',
 );
diff --git a/resources/lang/en-US/table.php b/resources/lang/en-US/table.php
index f7a49d86c1..16e32b148f 100644
--- a/resources/lang/en-US/table.php
+++ b/resources/lang/en-US/table.php
@@ -2,9 +2,10 @@ return array(
- 'actions' => 'Actions',
- 'action' => 'Action',
- 'by' => 'By',
- 'item' => 'Item',
+ 'actions' => 'Actions',
+ 'action' => 'Action',
+ 'by' => 'By',
+ 'item' => 'Item',
+ 'no_matching_records' => 'No matching records found',
 );
diff --git a/resources/views/partials/bootstrap-table.blade.php b/resources/views/partials/bootstrap-table.blade.php
index a3d6b6df2d..8b01ce7865 100644
--- a/resources/views/partials/bootstrap-table.blade.php
+++ b/resources/views/partials/bootstrap-table.blade.php
@@ -92,6 +92,9 @@ exportTypes: ['xlsx', 'excel', 'csv', 'pdf','json', 'xml', 'txt', 'sql', 'doc' ],
 onLoadSuccess: function () {
 $('[data-tooltip="true"]').tooltip(); // Needed to attach tooltips after ajax call
+ },
+ formatNoMatches: function () {
+ return '{{ trans('table.no_matching_records') }}';
 }
 });
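Review bot: The new `'additional_csp_urls'` key in config/app.php is added without any comment describing its format, unlike the `/* |---` comment block visible right after it, so a reader has no way to know it is a whitespace-separated list or which CSP directive it feeds. I would precede the key with a short comment such as `// Space-separated list of extra origins appended to the img-src directive of the Content-Security-Policy header; confirm against SecurityHeaders whether it is honoured only when enable_csp is true.` The default `''` here also differs from the `ADDITIONAL_CSP_URLS=null` shown in `.env.example`, and the comment is the natural place to state which form operators should use. The enclosing `return [` array continues outside the hunk.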