admin/e-cosplay
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity
Files
808c3814cb8d5f83a0825ad2209532e2825d7f52
e-cosplay/config/packages/nelmio_security.yaml
Serreau Jovann 808c3814cb
All checks were successful
Symfony CI - Install, Test, Build, Attest & Deploy / 🚀 Deploy to Production (push) Successful in 54s
Details
🔥 chore(siteconseil): Retire toutes les références à SARL SITECONSEIL et bascule l'OAuth Keycloak sur auth.e-cosplay.fr. 
- Templates : retire les blocs partenaire SITECONSEIL (home, prestation), le DPO SITECONSEIL (rgpd), la SECTION 1 Opérateur Technique (hosting), et les mentions DEV BY/Développé par dans les footers.
- Traductions (fr/en/es/cn/ger) : supprime les clés siteconseil_partner, siteconseil_referral, hosting_tech_operator_*, et bascule hosting_signalement_email vers signalement@e-cosplay.fr.
- AmazonSesClient : passe l'expéditeur à no-reply@e-cosplay.fr.
- SitemapSubscriber : retire l'image siteconseil.png et supprime l'asset associé.
- Keycloak : URL auth.e-cosplay.fr, realm ecosplay, client ecosplay_web (env + nelmio_security CSP).
- Notifuse : NOTIFUSE_CLIENT_EMAIL=contact@e-cosplay.fr.
- CONTRIBUTING.md : remplace l'entité par l'association E-Cosplay.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-04-10 18:29:17 +02:00

63 lines
2.2 KiB
YAML
Raw Blame History

nelmio_security:
# Content Security Policy (CSP)
referrer_policy:
enabled: true
policies:
- 'strict-origin-when-cross-origin'
permissions_policy:
enabled: true
policies:
camera: [self] # Correct : sans les guillemets simples internes
microphone: [self] # Correct
geolocation: [self] # Correct
fullscreen: [self] # Correct
payment: [self] # Correct
# Si tu veux bloquer une fonction pour tout le monde :
usb: []
csp:
hash:
algorithm: 'sha256'
enforce:
default-src: ["'self'"]
worker-src: ["'self'"]
script-src:
- "'self'"
- "nonce"
- "https://sentry.esy-web.dev"
- "https://chat.esy-web.dev"
- "https://static.cloudflareinsights.com"
- "https://challenges.cloudflare.com"
connect-src:
- "'self'"
- "https://sentry.esy-web.dev"
- "https://chat.esy-web.dev"
- "https://auth.e-cosplay.fr"
- "https://cloudflareinsights.com"
- "https://challenges.cloudflare.com"
- "https://tools-security.esy-web.dev"
- "https://checkout.stripe.com/"
- "https://cdnjs.cloudflare.com"
frame-src:
- "'self'"
- "https://chat.esy-web.dev"
- "https://challenges.cloudflare.com"
- "https://climate.stripe.com/"
style-src:
- "'self'"
- "'unsafe-inline'"
- "https://fonts.googleapis.com"
- "https://chat.esy-web.dev"
- "https://cdnjs.cloudflare.com"
img-src:
- "'self'"
- "data:"
- "https://chat.esy-web.dev"
font-src:
- "'self'"
- "data:"
- 'https://fonts.gstatic.com'
- "https://cdnjs.cloudflare.com/"
frame-ancestors: ["'none'"]
# Optionnel : forcer le passage en HTTPS
upgrade-insecure-requests: false
Reference in New Issue View Git Blame Copy Permalink