Remove unsafe-inline and challenge-platform from CSP, Bot Fight Mode disabled in Cloudflare

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
2026-03-20 16:16:15 +01:00
parent a3e7ae90db
commit a6b289af82
1 changed files with 0 additions and 6 deletions
--- a/config/packages/nelmio_security.yaml
+++ b/config/packages/nelmio_security.yaml
@@ -27,17 +27,13 @@ nelmio_security:
                - 'https://js.stripe.com'
                - 'https://cloudflare.com'
                - 'https://*.cloudflareinsights.com'
-                - 'https://challenges.cloudflare.com'
            script-src:
                - 'self'
                - 'https://static.cloudflareinsights.com'
-                - 'https://challenges.cloudflare.com'
-                - 'unsafe-inline'
            style-src:
                - 'self'
                - 'https://fonts.googleapis.com'
                - 'https://cdnjs.cloudflare.com'
-                - 'unsafe-inline'
            img-src:
                - 'self'
                - 'data:'
@@ -49,7 +45,6 @@ nelmio_security:
                - 'https://cloudflareinsights.com'
                - 'https://static.cloudflareinsights.com'
                - 'https://tools-security.esy-web.dev'
-                - 'https://challenges.cloudflare.com'
            font-src:
                - 'self'
                - 'https://cdnjs.cloudflare.com'
@@ -83,4 +78,3 @@ nelmio_security:
            - hooks.stripe.com
            - dashboard.stripe.com
            - auth.esy-web.dev
-            - challenges.cloudflare.com