Restore Cloudflare CSP rules needed for WAF/Turnstile

Cloudflare WAF requires cloudflareinsights.com and challenges.cloudflare.com
in script-src, connect-src, frame-src and external_redirects.

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
Serreau Jovann
2026-03-26 11:52:56 +01:00
parent 6438afadbf
commit 809a1055ec
2 changed files with 9 additions and 0 deletions


@@ -26,9 +26,12 @@ nelmio_security:
- 'https://stripe.com' - 'https://stripe.com'
- 'https://*.stripe.com' - 'https://*.stripe.com'
- 'https://js.stripe.com' - 'https://js.stripe.com'
- 'https://cloudflare.com'
- 'https://*.cloudflareinsights.com'
- 'https://challenges.cloudflare.com' - 'https://challenges.cloudflare.com'
script-src: script-src:
- 'self' - 'self'
- 'https://static.cloudflareinsights.com'
- 'https://challenges.cloudflare.com' - 'https://challenges.cloudflare.com'
- 'https://cdn.jsdelivr.net' - 'https://cdn.jsdelivr.net'
- 'https://js.stripe.com' - 'https://js.stripe.com'
@@ -50,6 +53,8 @@ nelmio_security:
- 'blob:' - 'blob:'
connect-src: connect-src:
- 'self' - 'self'
- 'https://cloudflareinsights.com'
- 'https://static.cloudflareinsights.com'
- 'https://challenges.cloudflare.com' - 'https://challenges.cloudflare.com'
- 'https://nominatim.openstreetmap.org' - 'https://nominatim.openstreetmap.org'
- 'https://cdn.jsdelivr.net' - 'https://cdn.jsdelivr.net'
@@ -81,6 +86,8 @@ nelmio_security:
forward_as: redirUrl forward_as: redirUrl
log: true log: true
allow_list: allow_list:
- cloudflareinsights.com
- static.cloudflareinsights.com
- stripe.com - stripe.com
- connect.stripe.com - connect.stripe.com
- checkout.stripe.com - checkout.stripe.com
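Review bot: The first hunk adds `'https://cloudflare.com'` and the wildcard `'https://*.cloudflareinsights.com'`, neither of which the commit message lists — it names only cloudflareinsights.com and challenges.cloudflare.com, and the script-src and connect-src hunks use the specific host `static.cloudflareinsights.com`. Unless a frame is really served from the apex cloudflare.com or from some other cloudflareinsights.com subdomain, those two entries widen the directive beyond what WAF/Turnstile needs; I would drop `'https://cloudflare.com'`, narrow the wildcard to `'https://static.cloudflareinsights.com'`, or add a comment naming the embed that requires them. The directive key for that hunk is outside the hunk, so frame-src is inferred from the commit message and the neighbouring stripe.com entries. In the allow_list hunk, if nelmio_security's external_redirects matcher treats a listed domain as covering its subdomains, `static.cloudflareinsights.com` is redundant next to `cloudflareinsights.com` — worth confirming against the bundle before keeping both. Each added host would also read better with a short comment such as `# Cloudflare Web Analytics beacon` or `# Cloudflare Turnstile challenge` so a later reviewer can tell which product justifies it.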


@@ -4,6 +4,8 @@ nelmio_security:
script-src: script-src:
- 'self' - 'self'
- 'nonce' - 'nonce'
- 'https://static.cloudflareinsights.com'
- 'https://challenges.cloudflare.com'
# Restreindre les soumissions de formulaires à notre domaine # Restreindre les soumissions de formulaires à notre domaine
# et aux redirections OAuth des plateformes de partage social # et aux redirections OAuth des plateformes de partage social
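Review bot: Only script-src receives the two Cloudflare hosts in this file; the connect-src, frame-src and external_redirects entries that the first file gains are not added here, so if this file is loaded as a standalone or overriding environment config rather than merged on top of the base one, the Turnstile iframe and the analytics beacon's reporting requests would still be blocked. The rest of the `nelmio_security` block lies outside the hunk, so whether those directives exist in this file cannot be seen from here — please confirm. As in the first file, the new entries carry no comment; `# Cloudflare Web Analytics beacon` above the static.cloudflareinsights.com line and `# Cloudflare Turnstile / WAF challenge` above the challenges.cloudflare.com line would record why each host is allowed, matching the commented style of the form-action lines that follow.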