```
✨ feat(caddy): Améliore la sécurité avec CSP et headers standards ✨ feat(templates): Met à jour le logo sur la page d'inscription réussie ✨ feat(knp_paginator): Ajoute la configuration pour le style Tailwind ✨ feat(audit_logs): Crée la page de traçabilité des actions ✨ feat(logs): Ajoute le contrôleur pour gérer les logs d'audit ✨ feat(AppLogger): Enregistre l'user agent dans les logs d'audit ✨ feat(AccountController): Supprime l'appel inutile de l'EventAdminCreate ✨ feat(AuditLogRepository): Récupère les logs en excluant les ROOT ✨ feat(base): Ajoute la structure de base pour le dashboard ```
This commit is contained in:
Serreau Jovann
@@ -10,17 +10,29 @@ intranet.ludikevent.fr, signature.ludikevent.fr {
|
||||
max_size 100MB
|
||||
}
|
||||
|
||||
header {
|
||||
# This prevents search engines from indexing the site
|
||||
X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"
|
||||
header {
|
||||
# Empêche l'indexation
|
||||
X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"
|
||||
|
||||
# Your existing Permissions-Policy
|
||||
Permissions-Policy "accelerometer=(), autoplay=(), camera=(), clipboard-write=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), screen-wake-lock=(), xr-spatial-tracking=(), bluetooth=(), ambient-light-sensor=(), battery=(), gamepad=(), notifications=(), push=()"
|
||||
# Content Security Policy (CSP) Finale
|
||||
# auth.esy-web.dev ajouté dans :
|
||||
# - script-src (si chargement de SDK auth)
|
||||
# - connect-src (pour les requêtes d'authentification / token)
|
||||
# - frame-src (si affichage d'une fenêtre de login en iframe)
|
||||
Content-Security-Policy "default-src 'self'; \
|
||||
script-src 'self' 'unsafe-inline' https://sentry.esy-web.dev https://chat.esy-web.dev https://auth.esy-web.dev; \
|
||||
connect-src 'self' https://sentry.esy-web.dev https://chat.esy-web.dev https://auth.esy-web.dev; \
|
||||
frame-src 'self' https://chat.esy-web.dev https://auth.esy-web.dev; \
|
||||
style-src 'self' 'unsafe-inline' https://chat.esy-web.dev; \
|
||||
img-src 'self' data: https://chat.esy-web.dev; \
|
||||
font-src 'self' data:; \
|
||||
frame-ancestors 'none';"
|
||||
|
||||
# Recommended security headers for an intranet
|
||||
X-Content-Type-Options "nosniff"
|
||||
X-Frame-Options "DENY"
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
# Headers de sécurité standards
|
||||
Permissions-Policy "accelerometer=(), autoplay=(), camera=(), clipboard-write=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), screen-wake-lock=(), xr-spatial-tracking=(), bluetooth=(), ambient-light-sensor=(), battery=(), gamepad=(), notifications=(), push=()"
|
||||
X-Content-Type-Options "nosniff"
|
||||
X-Frame-Options "DENY"
|
||||
Referrer-Policy "strict-origin-when-cross-origin"
|
||||
}
|
||||
|
||||
php_fastcgi unix//run/php/php8.3-fpm.sock {
|
||||
|
||||
Reference in New Issue
Block a user