admin/e-cosplay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

```

Browse Source 
[DEL] docs(file/topic): Supprime favicon et manifest inutilisés.
[FEAT] feat(file/topic): Ajoute PWA bundle et CSP pour la sécurité.
```
This commit is contained in:
Serreau Jovann
2026-01-25 11:56:39 +01:00
parent a3cea3c821
commit 65925bdf82
136 changed files with 1080 additions and 604 deletions
Download Patch File Download Diff File Expand all files Collapse all files

61
config/packages/nelmio_security.yaml Normal file
View File

@@ -0,0 +1,61 @@
nelmio_security:
# Content Security Policy (CSP)
referrer_policy:
enabled: true
policies:
- 'strict-origin-when-cross-origin'
permissions_policy:
enabled: true
policies:
camera: [self] # Correct : sans les guillemets simples internes
microphone: [self] # Correct
geolocation: [self] # Correct
fullscreen: [self] # Correct
payment: [self] # Correct
# Si tu veux bloquer une fonction pour tout le monde :
usb: []
csp:
hash:
algorithm: 'sha256'
enforce:
default-src: ["'self'"]
worker-src: ["'self'"]
script-src:
- "'self'"
- "nonce"
- "https://sentry.esy-web.dev"
- "https://chat.esy-web.dev"
- "https://static.cloudflareinsights.com"
- "https://challenges.cloudflare.com"
connect-src:
- "'self'"
- "https://sentry.esy-web.dev"
- "https://chat.esy-web.dev"
- "https://auth.esy-web.dev"
- "https://cloudflareinsights.com"
- "https://challenges.cloudflare.com"
- "https://tools-security.esy-web.dev"
- "https://checkout.stripe.com/"
frame-src:
- "'self'"
- "https://chat.esy-web.dev"
- "https://challenges.cloudflare.com"
- "https://climate.stripe.com/"
style-src:
- "'self'"
- "'unsafe-inline'"
- "https://fonts.googleapis.com"
- "https://chat.esy-web.dev"
- "https://cdnjs.cloudflare.com"
img-src:
- "'self'"
- "data:"
- "https://chat.esy-web.dev"
font-src:
- "'self'"
- "data:"
- 'https://fonts.gstatic.com'
- "https://cdnjs.cloudflare.com/"
frame-ancestors: ["'none'"]
# Optionnel : forcer le passage en HTTPS
upgrade-insecure-requests: false