[DEL] docs(file/topic): Supprime favicon et manifest inutilisés.
[FEAT] feat(file/topic): Ajoute PWA bundle et CSP pour la sécurité.
```
Serreau Jovann
2026-01-25 11:56:39 +01:00
parent a3cea3c821
commit 65925bdf82
136 changed files with 1080 additions and 604 deletions


@@ -20,4 +20,6 @@ return [
Sentry\SentryBundle\SentryBundle::class => ['prod' => true],
PixelOpen\CloudflareTurnstileBundle\PixelOpenCloudflareTurnstileBundle::class => ['all' => true],
KnpU\OAuth2ClientBundle\KnpUOAuth2ClientBundle::class => ['all' => true],
SpomkyLabs\PwaBundle\SpomkyLabsPwaBundle::class => ['all' => true],
Nelmio\SecurityBundle\NelmioSecurityBundle::class => ['all' => true],
];


@@ -0,0 +1,8 @@
nelmio_security:
csp:
enforce:
script-src:
- "http://localhost:5173"
connect-src:
- "ws://localhost:5173/" # Autorise le WebSocket de Vite


@@ -0,0 +1,3 @@
pwa:
serviceworker:
enabled: false


@@ -0,0 +1,61 @@
nelmio_security:
# Content Security Policy (CSP)
referrer_policy:
enabled: true
policies:
- 'strict-origin-when-cross-origin'
permissions_policy:
enabled: true
policies:
camera: [self] # Correct : sans les guillemets simples internes
microphone: [self] # Correct
geolocation: [self] # Correct
fullscreen: [self] # Correct
payment: [self] # Correct
# Si tu veux bloquer une fonction pour tout le monde :
usb: []
csp:
hash:
algorithm: 'sha256'
enforce:
default-src: ["'self'"]
worker-src: ["'self'"]
script-src:
- "'self'"
- "nonce"
- "https://sentry.esy-web.dev"
- "https://chat.esy-web.dev"
- "https://static.cloudflareinsights.com"
- "https://challenges.cloudflare.com"
connect-src:
- "'self'"
- "https://sentry.esy-web.dev"
- "https://chat.esy-web.dev"
- "https://auth.esy-web.dev"
- "https://cloudflareinsights.com"
- "https://challenges.cloudflare.com"
- "https://tools-security.esy-web.dev"
- "https://checkout.stripe.com/"
frame-src:
- "'self'"
- "https://chat.esy-web.dev"
- "https://challenges.cloudflare.com"
- "https://climate.stripe.com/"
style-src:
- "'self'"
- "'unsafe-inline'"
- "https://fonts.googleapis.com"
- "https://chat.esy-web.dev"
- "https://cdnjs.cloudflare.com"
img-src:
- "'self'"
- "data:"
- "https://chat.esy-web.dev"
font-src:
- "'self'"
- "data:"
- 'https://fonts.gstatic.com'
- "https://cdnjs.cloudflare.com/"
frame-ancestors: ["'none'"]
# Optionnel : forcer le passage en HTTPS
upgrade-insecure-requests: false
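Review bot: The enforced policy under `csp.enforce` sets `default-src` but leaves out `base-uri` and `form-action`, and neither falls back to `default-src`, so an injected `<base>` tag or a form pointed at another origin is not restricted by this policy. I would add `base-uri: ["'self'"]` and `object-src: ["'none'"]`, plus a `form-action` list limited to the origins the site's forms really post to. The `"nonce"` entry under `script-src` should also be checked: as far as I know NelmioSecurityBundle adds the nonce source itself when `csp_nonce('script')` is used, so a literal `nonce` value may be emitted as a plain host name and do nothing. The `# Content Security Policy (CSP)` comment currently sits above `referrer_policy` rather than `csp`, and `'unsafe-inline'` in `style-src` deserves a short comment saying which inline styles require it.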

23
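--- a/config/packages/pwa.yaml
+++ b/config/packages/pwa.yaml
@@ -0,0 +1,23 @@
+pwa:
+asset_compiler: false # Default to true. Will change to false in 2.0.0.
+image_processor: 'pwa.image_processor.gd' # Or 'pwa.image_processor.gd'
+favicons:
+enabled: true
+src: '%kernel.project_dir%/public/assets/notif.png'
+serviceworker:
+enabled: true
+scope: "/"
+use_cache: false
+skip_waiting: true
+manifest:
+enabled: true
+name: "E-Cosplay"
+short_name: "PWA"
+start_url: "app_home"
+display: "standalone"
+background_color: "#ffffff"
+theme_color: "#4285f4"
+categories: ['games','multimedia','social networking']
+icons:
+- src: '%kernel.project_dir%/public/assets/notif.png'
+sizes: [192]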
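Review bot: The trailing comment on `image_processor` offers `'pwa.image_processor.gd'` as the alternative to itself, so it tells the reader nothing; if the other processor was meant, name it, for example `# or 'pwa.image_processor.imagick'` (confirm the service id against the bundle documentation). `short_name: "PWA"` also looks like a leftover placeholder next to `name: "E-Cosplay"`.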


@@ -20,6 +20,8 @@ services:
arguments:
$manifest: '%kernel.project_dir%/public/build/.vite/manifest.json'
$cache: '@vite_cache_pool'
$cspListener: '@nelmio_security.csp_listener'
# add more service definitions when explicit configuration is needed
# please note that last definitions always *replace* previous ones
App\VichUploader\Namer\Account\AvatarName: