✨ feat(ansible/caddy): Met à jour la CSP et ajoute Cloudflare Insights pour le monitoring.

ansible/templates/caddy.j2

@@ -10,31 +10,27 @@ intranet.ludikevent.fr, signature.ludikevent.fr {
         max_size 100MB
     }
 
-   header {
-           # Empêche l'indexation
-           X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"
+    header {
+        # Empêche l'indexation
+        X-Robots-Tag "noindex, nofollow, nosnippet, noarchive"
 
-           # Content Security Policy (CSP) Finale
-           # auth.esy-web.dev ajouté dans :
-           # - script-src (si chargement de SDK auth)
-           # - connect-src (pour les requêtes d'authentification / token)
-           # - frame-src (si affichage d'une fenêtre de login en iframe)
-           Content-Security-Policy "default-src 'self'; \
-               script-src 'self' 'unsafe-inline' https://sentry.esy-web.dev https://chat.esy-web.dev https://auth.esy-web.dev; \
-               connect-src 'self' https://sentry.esy-web.dev https://chat.esy-web.dev https://auth.esy-web.dev; \
-               frame-src 'self' https://chat.esy-web.dev https://auth.esy-web.dev; \
-               style-src 'self' 'unsafe-inline' https://chat.esy-web.dev; \
-               img-src 'self' data: https://chat.esy-web.dev; \
-               font-src 'self' data:; \
-               frame-ancestors 'none';"
+        # Content Security Policy (CSP) complète
+        # Ajout de Cloudflare Insights pour le monitoring de performance
+        Content-Security-Policy "default-src 'self'; \
+            script-src 'self' 'unsafe-inline' https://sentry.esy-web.dev https://chat.esy-web.dev https://auth.esy-web.dev https://static.cloudflareinsights.com; \
+            connect-src 'self' https://sentry.esy-web.dev https://chat.esy-web.dev https://auth.esy-web.dev https://cloudflareinsights.com; \
+            frame-src 'self' https://chat.esy-web.dev https://auth.esy-web.dev; \
+            style-src 'self' 'unsafe-inline' https://chat.esy-web.dev; \
+            img-src 'self' data: https://chat.esy-web.dev; \
+            font-src 'self' data:; \
+            frame-ancestors 'none';"
 
-           # Headers de sécurité standards
-           Permissions-Policy "accelerometer=(), autoplay=(), camera=(), clipboard-write=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), screen-wake-lock=(), xr-spatial-tracking=(), bluetooth=(), ambient-light-sensor=(), battery=(), gamepad=(), notifications=(), push=()"
-           X-Content-Type-Options "nosniff"
-           X-Frame-Options "DENY"
-           Referrer-Policy "strict-origin-when-cross-origin"
+        # Autres headers de sécurité
+        Permissions-Policy "accelerometer=(), autoplay=(), camera=(), clipboard-write=(), encrypted-media=(), fullscreen=(), geolocation=(), gyroscope=(), magnetometer=(), microphone=(), midi=(), payment=(), picture-in-picture=(), publickey-credentials-get=(), usb=(), vr=(), screen-wake-lock=(), xr-spatial-tracking=(), bluetooth=(), ambient-light-sensor=(), battery=(), gamepad=(), notifications=(), push=()"
+        X-Content-Type-Options "nosniff"
+        X-Frame-Options "DENY"
+        Referrer-Policy "strict-origin-when-cross-origin"
     }
-
     php_fastcgi unix//run/php/php8.3-fpm.sock {
         read_timeout 300s
         write_timeout 300s