admin/e-ticket
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

Adapt CSP for Cloudflare Under Attack Mode: add unsafe-inline and challenges.cloudflare.com

Browse Source 
Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
This commit is contained in:
Serreau Jovann
2026-03-20 16:16:50 +01:00
parent a6b289af82
commit b9b446f648
1 changed files with 6 additions and 0 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
config/packages/nelmio_security.yaml
View File

@@ -27,13 +27,17 @@ nelmio_security:
- 'https://js.stripe.com'
- 'https://cloudflare.com'
- 'https://*.cloudflareinsights.com'
- 'https://challenges.cloudflare.com'
script-src:
- 'self'
- 'https://static.cloudflareinsights.com'
- 'https://challenges.cloudflare.com'
- 'unsafe-inline'
style-src:
- 'self'
- 'https://fonts.googleapis.com'
- 'https://cdnjs.cloudflare.com'
- 'unsafe-inline'
img-src:
- 'self'
- 'data:'
@@ -45,6 +49,7 @@ nelmio_security:
- 'https://cloudflareinsights.com'
- 'https://static.cloudflareinsights.com'
- 'https://tools-security.esy-web.dev'
- 'https://challenges.cloudflare.com'
font-src:
- 'self'
- 'https://cdnjs.cloudflare.com'
@@ -78,3 +83,4 @@ nelmio_security:
- hooks.stripe.com
- dashboard.stripe.com
- auth.esy-web.dev
- challenges.cloudflare.com