ludikevent_crm/config/packages/nelmio_security.yaml
Serreau Jovann 36a51c5a54 ```
feat(ReserverController): Add product availability check.
🛠️ refactor(BackupCommand): Use DatabaseDumper and ZipArchiver.
feat(GitSyncLogCommand): Use Gemini for clearer messages.
feat(GenerateVideoThumbsCommand): Use VideoThumbnailer service.
feat(AppWarmupImagesCommand): Use StorageInterface for warmup.
🔒️ security(nelmio_security): Harden security with headers.
🔧 chore(caddy): Improve Caddy configuration for performance.
🐛 fix(makefile): Fix the test commands.
🧪 chore(.env.test): Remove the trailing blank line at the end of the file.
🔧 chore(doctrine): Enable native_lazy_objects.
🔧 chore(cache): Add a system cache.
```
2026-01-30 17:58:12 +01:00

68 lines
2.3 KiB
YAML

```yaml
nelmio_security:
    # Referrer-Policy: send the origin only on cross-origin requests, nothing on downgrade
    referrer_policy:
        enabled: true
        policies:
            - 'strict-origin-when-cross-origin'
    # X-Content-Type-Options: nosniff
    content_type:
        nosniff: true
    # X-Frame-Options: DENY on every path (legacy fallback for frame-ancestors below)
    clickjacking:
        paths:
            '^/.*': DENY
    # Permissions-Policy
    permissions_policy:
        enabled: true
        policies:
            # Correct: `self` without inner single quotes (Permissions-Policy syntax is camera=(self), not 'self')
            camera: [self]
            microphone: [self]
            geolocation: [self]
            fullscreen: [self]
            payment: [self]
            # To block a feature for everyone, use an empty allowlist (serialised as usb=()):
            usb: []
    # Content Security Policy (CSP)
    csp:
        hash:
            algorithm: 'sha256'
        enforce:
            default-src: ["'self'"]
            object-src: ["'none'"]
            base-uri: ["'self'"]
            worker-src: ["'self'"]
            script-src:
                - "'self'"
                - "nonce"
                - "'strict-dynamic'"
                # Caveat: with a nonce plus 'strict-dynamic', CSP3 browsers ignore the host
                # allowlist below (and 'self'); these entries only serve as a fallback for
                # browsers that do not understand 'strict-dynamic'.
                - "https://sentry.esy-web.dev"
                - "https://chat.esy-web.dev"
                - "https://auth.esy-web.dev"
                - "https://static.cloudflareinsights.com"
                - "https://challenges.cloudflare.com"
            connect-src:
                - "'self'"
                - "https://sentry.esy-web.dev"
                - "https://chat.esy-web.dev"
                - "https://auth.esy-web.dev"
                - "https://cloudflareinsights.com"
                - "https://challenges.cloudflare.com"
                - "https://tools-security.esy-web.dev"
                - "https://checkout.stripe.com/"
            frame-src:
                - "'self'"
                - "https://chat.esy-web.dev"
                - "https://auth.esy-web.dev"
                - "https://challenges.cloudflare.com"
            style-src:
                - "'self'"
                # Weakest directive in this policy: inline styles stay allowed, so CSS
                # injection is not mitigated. Replace with nonces/hashes when feasible.
                - "'unsafe-inline'"
                - "https://chat.esy-web.dev"
            img-src:
                - "'self'"
                - "data:"
                - "https://chat.esy-web.dev"
            font-src:
                - "'self'"
                - "data:"
            # No embedding at all; X-Frame-Options DENY above covers browsers without CSP2
            frame-ancestors: ["'none'"]
            # Optional: the browser upgrades http:// subresource requests to https://
            upgrade-insecure-requests: true
```
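A quick way to review a policy like the one above is to parse the header the server actually sends and run a few structural checks over it. The following is an added review helper, not part of the ludikevent_crm project or of NelmioSecurityBundle. The sample header is constructed by hand to mirror the `csp.enforce` block above (with a made-up nonce value); it was not captured from the live site, and the exact serialisation the bundle produces may differ in ordering.

```python
"""Parse a Content-Security-Policy header and flag common weaknesses.

Added example for reviewing the nelmio_security CSP block; not project code.
SAMPLE_CSP is a constructed string approximating what the enforce block
serialises to, with a placeholder nonce.
"""
from __future__ import annotations

SAMPLE_CSP = (
    "default-src 'self'; object-src 'none'; base-uri 'self'; worker-src 'self'; "
    "script-src 'self' 'nonce-RANDOM123' 'strict-dynamic' https://sentry.esy-web.dev "
    "https://chat.esy-web.dev https://auth.esy-web.dev "
    "https://static.cloudflareinsights.com https://challenges.cloudflare.com; "
    "connect-src 'self' https://sentry.esy-web.dev https://chat.esy-web.dev "
    "https://auth.esy-web.dev https://cloudflareinsights.com "
    "https://challenges.cloudflare.com https://tools-security.esy-web.dev "
    "https://checkout.stripe.com/; "
    "frame-src 'self' https://chat.esy-web.dev https://auth.esy-web.dev "
    "https://challenges.cloudflare.com; "
    "style-src 'self' 'unsafe-inline' https://chat.esy-web.dev; "
    "img-src 'self' data: https://chat.esy-web.dev; "
    "font-src 'self' data:; frame-ancestors 'none'; upgrade-insecure-requests"
)

# Constructed deliberately weak policy for contrast.
WEAK_CSP = "default-src *; script-src 'self' 'unsafe-inline' 'unsafe-eval'"


def parse_csp(header: str) -> dict[str, list[str]]:
    """Split a CSP header into {directive: [source expressions]}.

    Directive names are case-insensitive; as in browsers, a repeated
    directive is ignored after its first occurrence.
    """
    policy: dict[str, list[str]] = {}
    for raw in header.split(";"):
        tokens = raw.split()
        if not tokens:
            continue
        name = tokens[0].lower()
        policy.setdefault(name, tokens[1:])
    return policy


def effective(policy: dict[str, list[str]], directive: str) -> list[str]:
    """Resolve a fetch directive, falling back to default-src like a browser does."""
    return policy.get(directive, policy.get("default-src", []))


def audit_csp(header: str) -> list[tuple[str, str]]:
    """Return (code, explanation) findings for the weaknesses this checker knows."""
    p = parse_csp(header)
    findings: list[tuple[str, str]] = []
    script = effective(p, "script-src")
    style = effective(p, "style-src")

    if "'unsafe-inline'" in script:
        findings.append(("script-unsafe-inline", "inline script XSS is not mitigated"))
    if "'unsafe-eval'" in script:
        findings.append(("script-unsafe-eval", "eval()/new Function() allowed"))
    if "'strict-dynamic'" in script:
        hosts = [s for s in script if not s.startswith("'")]
        if hosts:
            findings.append(("strict-dynamic-hosts",
                             f"CSP3 browsers ignore host sources {hosts}; fallback only"))
    if "'unsafe-inline'" in style:
        findings.append(("style-unsafe-inline", "inline styles permitted (CSS injection)"))
    if effective(p, "object-src") != ["'none'"]:
        findings.append(("object-src", "plugin content is not blocked"))
    if "base-uri" not in p:  # base-uri does not fall back to default-src
        findings.append(("base-uri", "<base> injection can redirect relative URLs"))
    if "frame-ancestors" not in p:  # frame-ancestors does not fall back either
        findings.append(("frame-ancestors", "no CSP clickjacking control"))
    broad = sorted(d for d, srcs in p.items() if "*" in srcs or "https:" in srcs)
    if broad:
        findings.append(("wildcard", f"overly broad sources in {broad}"))
    return findings


if __name__ == "__main__":
    for label, hdr in (("sample", SAMPLE_CSP), ("weak", WEAK_CSP)):
        print(f"== {label} ==")
        for code, why in audit_csp(hdr):
            print(f"  [{code}] {why}")
```

Run against the constructed sample, the only two findings are the ones already noted in the YAML comments: the host allowlist in `script-src` is dead weight under `'strict-dynamic'`, and `style-src` still carries `'unsafe-inline'`. To check the deployed site rather than the sample, feed `audit_csp()` the value of the `Content-Security-Policy` response header.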