- Flysystem S3 adapter configured for MinIO
- Vich uploader switched to Flysystem S3 storage
- Liip imagine loader/resolver on S3
- S3 client service with path style endpoint for MinIO
- Nelmio security: CSP, clickjacking, permissions policy, external redirects
- CSP dev: allow Vite HMR (localhost:5173)
- CSP prod: nonce scripts, restricted form-action and connect-src
- composer: flysystem-bundle, flysystem-aws-s3-v3, nelmio/security-bundle

Co-Authored-By: Claude Opus 4.6 (1M context) <noreply@anthropic.com>
22 lines
792 B
YAML
nelmio_security:
    csp:
        enforce:
            script-src:
                - 'self'
                - 'nonce'
                - 'https://static.cloudflareinsights.com'

            # Restrict form submissions to our own domain
            # and to the OAuth redirects of the social sharing platforms
            form-action:
                - 'self'
                - 'https://www.facebook.com'
                - 'https://x.com'
                - 'https://twitter.com'

            # Allow navigator.share() (Web Share API) and the clipboard API
            # (both are native browser APIs, not external network calls)
            # This block is present for documentation and future integrations
            connect-src:
                - 'self'