✨ feat(ansible): Ajoute des headers de sécurité et limite la taille des requêtes.

✨ feat(Security): Active l'authentification à deux facteurs (2FA). ✨ feat(Account): Ajoute une entité et un formulaire pour les administrateurs. 🐛 fix(Security): Corrige la redirection après la connexion. ✨ feat(CRM): Ajoute une page d'administration des comptes administrateurs.
2026-01-15 18:51:17 +01:00
parent 51c1aa2f6f
commit b1b2687320
22 changed files with 813 additions and 198 deletions
--- a/ansible/templates/caddy.j2
+++ b/ansible/templates/caddy.j2
@@ -2,14 +2,25 @@ intranet.ludikevent.fr {
    tls {
        dns cloudflare KL6pZ-Z_12_zbnM2TtFDIsKM8A-HLPhU5GJJbKTW
    }
-    root * {{ path }}/public

+    root * {{ path }}/public
    file_server
+
    request_body {
        max_size 100MB
    }
+
    header {
+        # This prevents search engines from indexing the site
+        X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"
+
+        # Your existing Permissions-Policy
        Permissions-Policy "accelerometer=(), autoplay=(), camera=(), clipboard-write=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), screen-wake-lock=(), xr-spatial-tracking=(), bluetooth=(), ambient-light-sensor=(), battery=(), gamepad=(), notifications=(), push=()"
+
+        # Recommended security headers for an intranet
+        X-Content-Type-Options "nosniff"
+        X-Frame-Options "DENY"
+        Referrer-Policy "strict-origin-when-cross-origin"
    }

    php_fastcgi unix//run/php/php8.3-fpm.sock {