Commit graph

21 commits

Author SHA1 Message Date
snipe ca1555d962 Fixed #14664 - allow additional urls in env for CSP
Signed-off-by: snipe <snipe@snipe.net>
2024-05-16 22:19:18 +01:00
snipe 19e0fb7955 Reverting CSP change
Signed-off-by: snipe <snipe@snipe.net>
2024-03-01 12:25:14 +00:00
snipe 93e69ab0c6 Removed unsafe-inline and unsafe-eval
Signed-off-by: snipe <snipe@snipe.net>
2024-03-01 11:44:49 +00:00
snipe e3d2f7cc96 Missed a few
Signed-off-by: snipe <snipe@snipe.net>
2022-03-08 20:05:17 -08:00
snipe d1358b6249 Removed experimental feature policies
Signed-off-by: snipe <snipe@snipe.net>
2022-03-08 16:58:24 -08:00
snipe 84a3a85823 Fixed parse error for merge conflict
Signed-off-by: snipe <snipe@snipe.net>
2021-10-28 18:04:03 -07:00
snipe bdf321ecc9
Merge branch 'develop' into change-var-aws-public-url 2021-10-28 17:46:16 -07:00
Laravel Shift 934afa036f Adopt Laravel coding style
Shift automatically applies the Laravel coding style - which uses the PSR-2 coding style as a base with some minor additions.

You may customize the adopted coding style by adding your own [PHP CS Fixer][1] `.php_cs` config file to your project root. Feel free to use [Shift's Laravel ruleset][2] to help you get started.

[1]: https://github.com/FriendsOfPHP/PHP-CS-Fixer
[2]: https://gist.github.com/laravel-shift/cab527923ed2a109dda047b97d53c200
2021-06-10 20:15:52 +00:00
Thomas Misilo 18b1a155bf Change from ENV to config value for PUBLIC_AWS_URL
When running config:cache the env('PUBLIC_AWS_URL') value disappears and isn't available, so it doesn't get added to the CSP Policy.
2021-05-11 09:51:35 -05:00
Tom Misilo 4e408cbc42
Fix CSP Always being Enabled unless in debug mode. (#9543) 2021-05-05 10:51:47 -07:00
snipe c7d752fb65 Added S3 url into CSP 2020-11-12 19:50:01 -08:00
snipe 4ccba5337a Added https://gravatar address to CSP 2020-10-23 12:09:03 -07:00
snipe 32ad9050cf
Added google maps to CSP 2020-08-25 20:48:53 -07:00
snipe 339bdddc38
Fix for Vue js not loading due to CSP :( 2020-06-25 11:00:33 -07:00
snipe 7ccb41371e
Removed unoptimized images directive
securityheaders.com is claiming it’s unrecognized, even though I got that directive from their site, so… whatever. ¯\_(ツ)_/¯
2020-06-23 01:09:39 -07:00
snipe 2e60a457bf
Dumb fix for feature-policy being dumb. 2020-06-23 01:07:00 -07:00
snipe 00b051b8c7
Added a few more comments 2020-06-23 00:26:09 -07:00
snipe 05b3a9ad7e
Config variable for HSTS 2020-06-22 23:17:27 -07:00
snipe 4fb880384f
Changed comment 2020-06-22 22:37:14 -07:00
snipe 43042ad841
Consolidated ReferrerPolicy into new SecurityHeaders file 2020-06-22 22:35:59 -07:00
snipe 36c8f7f4f1
Additional security headers 2020-06-22 22:31:01 -07:00