From a01390d3b788d4da7edab1341befeaa071dad05f Mon Sep 17 00:00:00 2001 From: Serreau Jovann Date: Wed, 28 Jan 2026 13:06:01 +0100 Subject: [PATCH] =?UTF-8?q?```=20=F0=9F=97=91=EF=B8=8F=20remove(Security/R?= =?UTF-8?q?edirecListener.php):=20Supprime=20le=20listener=20de=20redirect?= =?UTF-8?q?ion=20obsol=C3=A8te.=20=E2=9C=A8=20feat(ansible/templates/caddy?= =?UTF-8?q?.j2):=20Ajoute=20la=20gestion=20du=20rewrite=20invisible=20pour?= =?UTF-8?q?=20la=20r=C3=A9servation.=20=F0=9F=90=9B=20fix(config/packages/?= =?UTF-8?q?pwa.yaml):=20Corrige=20la=20hauteur=20de=20l'image=20PWA=20pour?= =?UTF-8?q?=20l'accueil.=20```?= MIME-Version: 1.0 Content-Type: text/plain; charset=UTF-8 Content-Transfer-Encoding: 8bit --- ansible/templates/caddy.j2 | 18 ++++++++++++++--- config/packages/pwa.yaml | 2 +- src/Security/RedirecListener.php | 33 -------------------------------- 3 files changed, 16 insertions(+), 37 deletions(-) delete mode 100644 src/Security/RedirecListener.php diff --git a/ansible/templates/caddy.j2 b/ansible/templates/caddy.j2 index de59716..9916326 100644 --- a/ansible/templates/caddy.j2 +++ b/ansible/templates/caddy.j2 @@ -10,6 +10,16 @@ intranet.ludikevent.fr, signature.ludikevent.fr, reservation.ludikevent.fr { max_size 100MB } + # --- GESTION DU REWRITE INVISIBLE (RESERVATION) --- + @is_reservation host reservation.ludikevent.fr + handle @is_reservation { + # Si l'utilisateur demande la racine /, on réécrit vers /reservation en interne + rewrite / /reservation/ + + # Pour que PHP-FPM trouve le bon fichier index.php dans le sous-dossier + try_files {path} {path}/ /reservation/index.php?{query} + } + # --- NO-INDEX MATCHER --- @noindex_hosts host intranet.ludikevent.fr signature.ludikevent.fr header @noindex_hosts X-Robots-Tag "noindex, nofollow" @@ -17,12 +27,14 @@ intranet.ludikevent.fr, signature.ludikevent.fr, reservation.ludikevent.fr { @index_host host reservation.ludikevent.fr header @index_host -X-Robots-Tag + # --- REDIRECTIONS EXTERNES --- handle_path /utm_reserve.js { redir https://tools-security.esy-web.dev/script.js } handle_path /ts.js { redir https://widget.trustpilot.com/bootstrap/v5/tp.widget.bootstrap.min.js } + # --- BLOC HEADER AVEC CSP --- header { X-Content-Type-Options "nosniff" @@ -30,24 +42,24 @@ intranet.ludikevent.fr, signature.ludikevent.fr, reservation.ludikevent.fr { Referrer-Policy "strict-origin-when-cross-origin" # Injection des headers Cloudflare pour PHP - # Cela permet à PHP de les lire via $_SERVER['HTTP_CF_CONNECTING_IP'] etc. CF-Connecting-IP {header.CF-Connecting-IP} CF-IPCountry {header.CF-IPCountry} CF-RegionCode {header.CF-RegionCode} CF-IPCity {header.CF-IPCity} X-Real-IP {remote_host} } + + # --- ASSETS --- handle_path /assets/* { rewrite * /build{path} } + # --- PHP FASTCGI --- - # Ici, Caddy transmet automatiquement tous les headers définis ci-dessus au socket PHP php_fastcgi unix//run/php/php8.4-fpm.sock { read_timeout 300s write_timeout 300s dial_timeout 100s - # Optionnel : Forcer explicitement certains paramètres FastCGI si nécessaire env REMOTE_ADDR {header.CF-Connecting-IP} } } diff --git a/config/packages/pwa.yaml b/config/packages/pwa.yaml index feb5b8a..b3c8264 100644 --- a/config/packages/pwa.yaml +++ b/config/packages/pwa.yaml @@ -69,7 +69,7 @@ pwa: - src: "/provider/pwa/pwa1.png" form_factor: 'wide' label: "Accueil" - height: 486 + height: 945 width: 1896 - src: "/provider/pwa/pwa2.png" form_factor: "narrow" diff --git a/src/Security/RedirecListener.php b/src/Security/RedirecListener.php deleted file mode 100644 index 03ea858..0000000 --- a/src/Security/RedirecListener.php +++ /dev/null @@ -1,33 +0,0 @@ -getRequest(); - if($request->getPathInfo() == "/") { - if($request->getHost() =="reservation.ludikevent.fr"){ - $redirect = new RedirectResponse("https://reservation.ludikevent.fr/reservation"); - $event->setResponse($redirect); - $event->stopPropagation(); - } - } - } -}