admin/ludikevent_crm
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

feat(sécurité): Améliore la configuration CSP et Permissions-Policy pour plus de contrôle.

Browse Source
This commit is contained in:
Serreau Jovann
2026-01-15 20:38:30 +01:00
parent 75c419ba06
commit 72b774530d
2 changed files with 17 additions and 1 deletions
Download Patch File Download Diff File Expand all files Collapse all files

17
config/packages/nelmio_security.yaml
View File

@@ -1,5 +1,19 @@
nelmio_security:
# Content Security Policy (CSP)
referrer_policy:
enabled: true
policies:
- 'strict-origin-when-cross-origin'
permissions_policy:
enabled: true
policies:
camera: [self] # Correct : sans les guillemets simples internes
microphone: [self] # Correct
geolocation: [self] # Correct
fullscreen: [self] # Correct
payment: [self] # Correct
# Si tu veux bloquer une fonction pour tout le monde :
usb: []
csp:
enforce:
default-src: ["'self'"]
@@ -10,6 +24,7 @@ nelmio_security:
- "https://chat.esy-web.dev"
- "https://auth.esy-web.dev"
- "https://static.cloudflareinsights.com"
- "https://challenges.cloudflare.com"
- "'strict-dynamic'"
connect-src:
- "'self'"
@@ -17,10 +32,12 @@ nelmio_security:
- "https://chat.esy-web.dev"
- "https://auth.esy-web.dev"
- "https://cloudflareinsights.com"
- "https://challenges.cloudflare.com"
frame-src:
- "'self'"
- "https://chat.esy-web.dev"
- "https://auth.esy-web.dev"
- "https://challenges.cloudflare.com"
style-src:
- "'self'"
- "'unsafe-inline'"