kenmirrors/firefly-iii
1
0
Fork 0
mirror of https://github.com/firefly-iii/firefly-iii.git synced 2025-09-04 03:43:07 +00:00
Code Issues Projects Releases Wiki Activity

Update packages and meta files for new release.

Browse Source
This commit is contained in:
James Cole
2022-01-28 21:19:05 +01:00
parent 9a944175ac
commit ab9f26f850
130 changed files with 1038 additions and 1098 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
app/Http/Middleware/SecureHeaders.php
View File

@@ -50,15 +50,14 @@ class SecureHeaders
$response = $next($request);
$trackingScriptSrc = $this->getTrackingScriptSource();
$newRelicSrc = $this->getNewRelicSource();
$csp = [
"default-src 'none'",
"object-src 'none'",
sprintf("script-src 'unsafe-eval' 'strict-dynamic' 'self' 'unsafe-inline' 'nonce-%1s' %2s %3s", $nonce, $trackingScriptSrc, $newRelicSrc),
sprintf("script-src 'unsafe-eval' 'strict-dynamic' 'self' 'unsafe-inline' 'nonce-%1s' %2s", $nonce, $trackingScriptSrc),
"style-src 'unsafe-inline' 'self'",
"base-uri 'self'",
"font-src 'self' data:",
sprintf("connect-src 'self' %s %s", $trackingScriptSrc, $newRelicSrc),
sprintf("connect-src 'self' %s", $trackingScriptSrc),
sprintf("img-src data: 'strict-dynamic' 'self' *.tile.openstreetmap.org %s", $trackingScriptSrc),
"manifest-src 'self'",
];
@@ -102,18 +101,6 @@ class SecureHeaders
return $response;
}
/**
* Returns the domain name of New Relic (used on the demo site)
* The check for this value is an undocumented .env variable
*/
private function getNewRelicSource(): string
{
if(true === env('ENABLE_NEW_RELIC', false)) {
return 'bam.eu01.nr-data.net';
}
return '';
}
/**
* Return part of a CSP header allowing scripts from Matomo.
*