Fix various issues in forms.

James Cole
2021-04-08 17:41:19 +02:00
parent 3e12d26afd
commit f2073a4494
11 changed files with 23 additions and 22 deletions


@@ -51,17 +51,17 @@ class SecureHeaders
$response = $next($request);
$trackingScriptSrc = $this->getTrackingScriptSource();
$csp = [
// "default-src 'none'",
// "object-src 'none'",
// "require-trusted-types-for 'script'",
// sprintf("script-src 'unsafe-inline' 'strict-dynamic' 'nonce-%1s' %2s", $nonce, $trackingScriptSrc),
// "style-src 'unsafe-inline' 'self'",
// "frame-ancestors 'none'",
// "base-uri 'self'",
// "font-src 'self' data:",
// "connect-src 'self'",
// sprintf("img-src 'self' data: https://a.tile.openstreetmap.org https://b.tile.openstreetmap.org https://c.tile.openstreetmap.org https://api.tiles.mapbox.com %s", $trackingScriptSrc),
// "manifest-src 'self'",
"default-src 'none'",
"object-src 'none'",
"require-trusted-types-for 'script'",
//sprintf("script-src 'unsafe-inline' 'strict-dynamic' 'nonce-%1s' %2s", $nonce, $trackingScriptSrc),
sprintf("script-src 'unsafe-eval' 'strict-dynamic' 'self' 'unsafe-inline' 'nonce-%1s' %2s", $nonce, $trackingScriptSrc),
"style-src 'unsafe-inline' 'self'",
"base-uri 'self'",
"font-src 'self' data:",
"connect-src 'self'",
sprintf("img-src data: 'strict-dynamic' 'self' *.tile.openstreetmap.org %s", $trackingScriptSrc),
"manifest-src 'self'",
];
$route = $request->route();
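Review bot: The enabled `$csp` list in this hunk has no `frame-ancestors` entry, although the commented-out list it replaces carried `"frame-ancestors 'none'"`. `default-src` is not a fallback for that directive, so unless an X-Frame-Options header is set elsewhere (not visible here) other origins can frame the response; I would add `"frame-ancestors 'none'",` back. The `script-src` line also adds `'unsafe-eval'`, which stays in force next to the nonce and `'strict-dynamic'` (unlike `'self'` and `'unsafe-inline'`, which CSP3 browsers ignore there), so it should either be removed or carry a comment naming the script that needs it. `'strict-dynamic'` in `img-src` has no effect and can be dropped, and `%1s`/`%2s` are width specifiers rather than positional ones (`%1$s`), which works only because the arguments are already in order. The enclosing method starts before and ends after this hunk.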
@@ -79,7 +79,7 @@ class SecureHeaders
"camera 'none'",
"magnetometer 'none'",
"gyroscope 'none'",
"speaker 'none'",
//"speaker 'none'",
//"vibrate 'none'",
"fullscreen 'self'",
"payment 'none'",