feat(caddy): Met à jour la CSP et supprime Stripe de base.twig

This commit updates the Content Security Policy in the Caddy template and removes the Stripe script from the base Twig template.
Serreau Jovann
2025-11-19 13:23:21 +01:00
parent 702b235299
commit b5d13c3386
2 changed files with 1 additions and 2 deletions


@@ -15,7 +15,7 @@ www.e-cosplay.fr {
header {
-X-Robots-Tag
Permissions-Policy "accelerometer=(), autoplay=(), camera=(), clipboard-write=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), publickey-credentials-get=(), usb=(), vr=(), screen-wake-lock=(), xr-spatial-tracking=(), bluetooth=(), ambient-light-sensor=(), battery=(), gamepad=(), notifications=(), push=()"
Content-Security-Policy "base-uri 'self'; default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com https://*.stripe.com; script-src 'self' 'unsafe-inline' https://datas.e-cosplay.fr https://*.cloudflareinsights.com https://storage.googleapis.com https://*.trustpilot.com https://*.stripe.com; font-src 'self' https://fonts.gstatic.com;connect-src https://*.e-cosplay.fr https://*.cloudflareinsights.com https://fonts.googleapis.com https://widget.trustpilot.com/ https://challenges.cloudflare.com https://*.stripe.com; frame-src 'self' https://*.trustpilot.com https://*.stripe.com;"
Content-Security-Policy "base-uri 'self'; default-src 'self'; style-src 'self' 'unsafe-inline' https://fonts.googleapis.com; script-src 'self' 'unsafe-inline' https://datas.e-cosplay.fr https://*.cloudflareinsights.com https://storage.googleapis.com https://*.trustpilot.com; font-src 'self' https://fonts.gstatic.com;connect-src https://*.e-cosplay.fr https://*.cloudflareinsights.com https://fonts.googleapis.com https://widget.trustpilot.com/ https://challenges.cloudflare.com; frame-src 'self' https://*.trustpilot.com;"
}
php_fastcgi unix//run/php/php8.3-fpm.sock {
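Review bot: The new `Content-Security-Policy` line still carries `'unsafe-inline'` in `script-src`, so any injected inline script runs no matter how far the host allowlist is trimmed. Since this commit is already tightening the policy, consider dropping that keyword and allowing the site's own inline scripts by nonce or hash, e.g. `script-src 'self' 'nonce-<per-request-value>' https://datas.e-cosplay.fr ...`. The bare `https://storage.googleapis.com` entry is a shared origin that serves content from any bucket, so it should be narrowed to the path actually used, such as `https://storage.googleapis.com/<bucket-name>/`. Only base.twig is visible here, so it is worth confirming that no other template still loads Stripe; serving the new policy as `Content-Security-Policy-Report-Only` first would surface any page that does.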


@@ -40,7 +40,6 @@
<link rel="stylesheet" href="{{ asset('assets/css/all.min.css') }}" crossorigin="anonymous"
referrerpolicy="no-referrer"/>
<meta name="google-site-verification" content="D6YvgLKg4oj2Ksk_cYhO3fijbmxZWib7wqqHTJyfftQ"/>
<script src="https://js.stripe.com/clover/stripe.js"></script>
<meta name="env" content="{{ app.environment }}">
{% block canonical_url %}{% endblock %}