From 809a1055ec215d63b3d8d91ee3449b1eadcf861e Mon Sep 17 00:00:00 2001
From: Serreau Jovann
Date: Thu, 26 Mar 2026 11:52:56 +0100
Subject: [PATCH] Restore Cloudflare CSP rules needed for WAF/Turnstile

Cloudflare WAF requires cloudflareinsights.com and challenges.cloudflare.com in script-src, connect-src, frame-src and external_redirects.

Co-Authored-By: Claude Opus 4.6 (1M context)
---
 config/packages/nelmio_security.yaml | 7 +++++++
 config/packages/prod/nelmio_security.yaml | 2 ++
 2 files changed, 9 insertions(+)

diff --git a/config/packages/nelmio_security.yaml b/config/packages/nelmio_security.yaml
index 04683e8..f156116 100644
--- a/config/packages/nelmio_security.yaml
+++ b/config/packages/nelmio_security.yaml
@@ -26,9 +26,12 @@ nelmio_security:
 - 'https://stripe.com'
 - 'https://*.stripe.com'
 - 'https://js.stripe.com'
+ - 'https://cloudflare.com'
+ - 'https://*.cloudflareinsights.com'
 - 'https://challenges.cloudflare.com'
 script-src:
 - 'self'
+ - 'https://static.cloudflareinsights.com'
 - 'https://challenges.cloudflare.com'
 - 'https://cdn.jsdelivr.net'
 - 'https://js.stripe.com'
@@ -50,6 +53,8 @@ nelmio_security:
 - 'blob:'
 connect-src:
 - 'self'
+ - 'https://cloudflareinsights.com'
+ - 'https://static.cloudflareinsights.com'
 - 'https://challenges.cloudflare.com'
 - 'https://nominatim.openstreetmap.org'
 - 'https://cdn.jsdelivr.net'
@@ -81,6 +86,8 @@ nelmio_security:
 forward_as: redirUrl
 log: true
 allow_list:
+ - cloudflareinsights.com
+ - static.cloudflareinsights.com
 - stripe.com
 - connect.stripe.com
 - checkout.stripe.com
diff --git a/config/packages/prod/nelmio_security.yaml b/config/packages/prod/nelmio_security.yaml
index 0be43a6..06d4663 100644
--- a/config/packages/prod/nelmio_security.yaml
+++ b/config/packages/prod/nelmio_security.yaml
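Review bot: The two entries added at the top of the `@@ -26` hunk, `https://cloudflare.com` and the wildcard `https://*.cloudflareinsights.com`, go into a directive whose name sits above the hunk (frame-src, judging by the commit message), and nothing visible shows a frame being loaded from either origin. Turnstile's iframe is served from `challenges.cloudflare.com`, which the list already had, and the Insights beacon is, as far as I know, a script plus a reporting request, so these two lines look droppable; if one is needed, pin the exact host instead of the wildcard. The same least-privilege check applies to `https://static.cloudflareinsights.com` under connect-src in the `@@ -50` hunk, since that host serves the script while the beacon appears to report to `cloudflareinsights.com`. A short comment above each Cloudflare entry naming the feature that needs it (`# Cloudflare Web Analytics beacon`, `# Turnstile widget`) would let the next cleanup tell required hosts from leftovers.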
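Review bot: Adding `cloudflareinsights.com` and `static.cloudflareinsights.com` to the `allow_list` in the `@@ -81` hunk widens the set of external hosts the application may redirect users to, which is a separate control from CSP and one that a script or beacon host should not need. Unless some controller really issues a redirect to those hosts, I would drop both lines so the list stays limited to real redirect targets such as the Stripe hosts below them. If a redirect does exist, record it in a comment next to the entry, e.g. `# redirect target for <feature>`, because this list is where an open-redirect review starts. The block holding `forward_as`, `log` and `allow_list` begins above the hunk and continues past it.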
@@ -4,6 +4,8 @@ nelmio_security: script-src: - 'self' - 'nonce' + - 'https://static.cloudflareinsights.com' + - 'https://challenges.cloudflare.com' # Restreindre les soumissions de formulaires à notre domaine # et aux redirections OAuth des plateformes de partage social
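Review bot: The prod override now repeats two hosts that also live in `config/packages/nelmio_security.yaml`, and nothing in the file ties the two lists together; the commit title ("Restore …") suggests they have already drifted apart once. Add a comment above the new lines, for example `# Cloudflare Insights beacon + Turnstile loader; keep in sync with config/packages/nelmio_security.yaml`, so an edit to one list prompts a look at the other. It is also worth confirming on a rendered prod response header that the base file's other script hosts (jsDelivr, Stripe) still reach `script-src`, since they are not repeated here and how the two files merge is not visible in this hunk. The rest of the prod policy lies outside the hunk.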