Add new relic thing for the demo site.

James Cole 2022-01-18 19:16:12 +01:00
parent 318d86a1f5
commit 52ad0ba352


@ -50,14 +50,15 @@ class SecureHeaders
$response = $next($request);
$trackingScriptSrc = $this->getTrackingScriptSource();
$newRelicSrc = $this->getNewRelicSource();
$csp = [
"default-src 'none'",
"object-src 'none'",
sprintf("script-src 'unsafe-eval' 'strict-dynamic' 'self' 'unsafe-inline' 'nonce-%1s' %2s", $nonce, $trackingScriptSrc),
sprintf("script-src 'unsafe-eval' 'strict-dynamic' 'self' 'unsafe-inline' 'nonce-%1s' %2s %3s", $nonce, $trackingScriptSrc, $newRelicSrc),
"style-src 'unsafe-inline' 'self'",
"base-uri 'self'",
"font-src 'self' data:",
"connect-src 'self'",
sprintf("connect-src 'self' %s %s", $trackingScriptSrc, $newRelicSrc),
sprintf("img-src data: 'strict-dynamic' 'self' *.tile.openstreetmap.org %s", $trackingScriptSrc),
"manifest-src 'self'",
];
@ -102,7 +103,19 @@ class SecureHeaders
}
/**
* Return part of a CSP header allowing scripts from Google.
* Returns the domain name of New Relic (used on the demo site)
* The check for this value is an undocumented .env variable
*/
private function getNewRelicSource(): string
{
if(true === env('ENABLE_NEW_RELIC', false)) {
return 'bam.eu01.nr-data.net';
}
return '';
}
/**
* Return part of a CSP header allowing scripts from Matomo.
*
* @return string
*/
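Review bot: The New Relic host is added to `script-src` in the new `sprintf` line of the first hunk, but that directive already carries a nonce and `'strict-dynamic'`, so browsers implementing CSP Level 3 ignore host sources there and the entry only takes effect in older browsers, where it permits script loads from a data-collection endpoint. If the agent snippet is emitted with the page nonce, the host should only be needed in `connect-src`, and the earlier form `sprintf("script-src 'unsafe-eval' 'strict-dynamic' 'self' 'unsafe-inline' 'nonce-%1s' %2s", $nonce, $trackingScriptSrc),` could stay; whether the agent version in use still requires the host under `script-src` should be confirmed first. In `getNewRelicSource()`, `env()` is called at request time, and if this is Laravel's helper it falls back to the default once the configuration is cached, so the flag is better read through a config entry such as `config('<config-key>')`, with the docblock naming `ENABLE_NEW_RELIC` and the accepted values. The middleware method that builds the `$csp` array starts and ends outside the hunk.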