IntenseFinance/firefly-iii
3
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-02-25 18:45:27 -06:00
Code Issues Packages Projects Releases Wiki Activity

Disable almost all things.

Browse Source
This commit is contained in:
James Cole 2021-04-08 16:47:16 +02:00
parent e458208966
commit 3e12d26afd
No known key found for this signature in database
GPG Key ID: B5669F9493CDE38D
1 changed files with 11 additions and 13 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
app/Http/Middleware/SecureHeaders.php
View File

@ -51,19 +51,17 @@ class SecureHeaders
$response = $next($request); $response = $next($request);
$trackingScriptSrc = $this->getTrackingScriptSource(); $trackingScriptSrc = $this->getTrackingScriptSource();
$csp = [ $csp = [
"default-src 'none'", // "default-src 'none'",
"object-src 'self'", // "object-src 'none'",
sprintf("script-src 'unsafe-inline' 'nonce-%1s' %2s 'strict-dynamic'", $nonce, $trackingScriptSrc), // "require-trusted-types-for 'script'",
"style-src 'unsafe-inline' 'self'", // sprintf("script-src 'unsafe-inline' 'strict-dynamic' 'nonce-%1s' %2s", $nonce, $trackingScriptSrc),
"frame-ancestors 'none'", // "style-src 'unsafe-inline' 'self'",
"base-uri 'self'", // "frame-ancestors 'none'",
"font-src 'self' data:", // "base-uri 'self'",
"connect-src 'self'", // "font-src 'self' data:",
sprintf( // "connect-src 'self'",
"img-src 'self' data: https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://api.tiles.mapbox.com %s", // sprintf("img-src 'self' data: https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://api.tiles.mapbox.com %s", $trackingScriptSrc),
$trackingScriptSrc // "manifest-src 'self'",
),
"manifest-src 'self'",
]; ];
$route = $request->route(); $route = $request->route();