Some CSP tuning.

James Cole 2020-01-11 06:14:10 +01:00
parent c55bfc0b8c
commit 5da8b2ec9e
No known key found for this signature in database
GPG Key ID: C16961E655E74B5E


@ -53,7 +53,7 @@ class SecureHeaders
$csp = [ $csp = [
"default-src 'none'", "default-src 'none'",
"object-src 'self'", "object-src 'self'",
sprintf("script-src 'unsafe-inline' %s 'nonce-%s'", $googleScriptSrc, $nonce), sprintf("script-src 'unsafe-inline' 'nonce-%1s' %2s", $nonce, $googleScriptSrc),
"style-src 'self' 'unsafe-inline'", "style-src 'self' 'unsafe-inline'",
"base-uri 'self'", "base-uri 'self'",
"font-src 'self' data:", "font-src 'self' data:",
@ -105,7 +105,7 @@ class SecureHeaders
private function getGoogleImgSource(): string private function getGoogleImgSource(): string
{ {
if ('' !== config('firefly.analytics_id')) { if ('' !== config('firefly.analytics_id')) {
return 'https://www.google-analytics.com/'; return 'https://www.google-analytics.com';
} }
return ''; return '';
@ -119,7 +119,7 @@ class SecureHeaders
private function getGoogleScriptSource(): string private function getGoogleScriptSource(): string
{ {
if ('' !== config('firefly.analytics_id')) { if ('' !== config('firefly.analytics_id')) {
return 'https://www.googletagmanager.com/gtag/js https://www.google-analytics.com/analytics.js'; return 'https://www.googletagmanager.com https://www.google-analytics.com';
} }
return ''; return '';
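Review bot: In getGoogleScriptSource() the new return value allowlists the whole origins `https://www.googletagmanager.com` and `https://www.google-analytics.com` in script-src, where the old value named two exact script paths, so whenever `firefly.analytics_id` is set any script served from those hosts passes the policy. If the path-restricted form was blocking the analytics loader, a comment recording that would help the next reader, e.g. `// origin-wide on purpose: <reason>; this admits every script hosted on these origins`. Separately, in the script-src line of the first hunk, `%1s` and `%2s` are minimum-width specifiers in PHP's sprintf, not positional arguments; they give the right output only because the arguments are already in order, and plain `%s` (or `%1\$s` / `%2\$s` inside the double-quoted string) would say what is meant. Both getter bodies and the `$csp` array continue outside their hunks.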