Add S3/MinIO storage, nelmio security and CSP config

- Flysystem S3 adapter configured for MinIO - Vich uploader switched to Flysystem S3 storage - Liip imagine loader/resolver on S3 - S3 client service with path style endpoint for MinIO - Nelmio security: CSP, clickjacking, permissions policy, external redirects - CSP dev: allow Vite HMR (localhost:5173) - CSP prod: nonce scripts, restricted form-action and connect-src - composer: flysystem-bundle, flysystem-aws-s3-v3, nelmio/security-bundle Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-18 21:10:45 +01:00
parent e3de0da1bf
commit 2d02ba4cbb
13 changed files with 1664 additions and 3 deletions
--- a/.env
+++ b/.env
@@ -46,3 +46,11 @@ STRIPE_SK=
 STRIPE_WEBHOOK_SECRET=
 STRIPE_MODE=test
 SMIME_PASSPHRASE='KLreLnyR07x5h#3$AC'
+
+###> s3/minio ###
+S3_ENDPOINT=http://minio:9000
+S3_ACCESS_KEY=e-ticket
+S3_SECRET_KEY=e-ticket
+S3_BUCKET=e-ticket
+S3_REGION=us-east-1
+###< s3/minio ###