✨ feat(ansible/caddy): Remove static CSP and obsolete Permissions-Policy
🐛 fix(assets/admin): Fix admin menu and flash message handling
✨ feat(Twig/ViteAssetExtension): Add CSP nonce and handle favicons
🐛 fix(Entity/AuditLog): Fix the ManyToOne relation with Account
➕ feat: Add NelmioSecurityBundle to manage CSP security
38 lines
1.2 KiB
YAML
```yaml
nelmio_security:
    # Content Security Policy (CSP)
    csp:
        enforce:
            default-src: ["'self'"]
            script-src:
                - "'self'"
                - "nonce"
                - "https://sentry.esy-web.dev"
                - "https://chat.esy-web.dev"
                - "https://auth.esy-web.dev"
                - "https://static.cloudflareinsights.com"
                - "'strict-dynamic'"
            connect-src:
                - "'self'"
                - "https://sentry.esy-web.dev"
                - "https://chat.esy-web.dev"
                - "https://auth.esy-web.dev"
                - "https://cloudflareinsights.com"
            frame-src:
                - "'self'"
                - "https://chat.esy-web.dev"
                - "https://auth.esy-web.dev"
            style-src:
                - "'self'"
                - "'unsafe-inline'"
                - "https://chat.esy-web.dev"
            img-src:
                - "'self'"
                - "data:"
                - "https://chat.esy-web.dev"
            font-src:
                - "'self'"
                - "data:"
            frame-ancestors: ["'none'"]
            # Optional: force upgrading to HTTPS
            upgrade-insecure-requests: false
```
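As an added example (not code from this commit or from NelmioSecurityBundle), the policy above rendered as a `Content-Security-Policy` header and checked for the two points a reviewer would raise: `'unsafe-inline'` in `style-src` with no nonce or hash, and a host allowlist in `script-src` that browsers ignore once `'strict-dynamic'` is present. The dict is a constructed copy of the YAML; the nonce value and the substitution of the literal `"nonce"` entry are assumptions.

```python
"""Added example, not part of this commit: render the nelmio_security CSP
above as a Content-Security-Policy header and audit it. POLICY is a
constructed copy of the YAML; the nonce is constructed, and replacing the
literal "nonce" entry with 'nonce-<value>' is an assumption here."""
import secrets

POLICY = {  # constructed copy of nelmio_security.csp.enforce
    "default-src": ["'self'"],
    "script-src": ["'self'", "nonce", "https://sentry.esy-web.dev",
                   "https://chat.esy-web.dev", "https://auth.esy-web.dev",
                   "https://static.cloudflareinsights.com", "'strict-dynamic'"],
    "connect-src": ["'self'", "https://sentry.esy-web.dev",
                    "https://chat.esy-web.dev", "https://auth.esy-web.dev",
                    "https://cloudflareinsights.com"],
    "frame-src": ["'self'", "https://chat.esy-web.dev", "https://auth.esy-web.dev"],
    "style-src": ["'self'", "'unsafe-inline'", "https://chat.esy-web.dev"],
    "img-src": ["'self'", "data:", "https://chat.esy-web.dev"],
    "font-src": ["'self'", "data:"],
    "frame-ancestors": ["'none'"],
}


def render_csp(policy, nonce):
    """Serialize directives; the 'nonce' marker becomes a per-response 'nonce-...'."""
    parts = []
    for directive, sources in policy.items():
        values = [f"'nonce-{nonce}'" if s == "nonce" else s for s in sources]
        parts.append(f"{directive} {' '.join(values)}")
    return "; ".join(parts)


def audit_csp(policy):
    """Return reviewer findings: inline styles without nonce/hash, host
    allowlists made dead by 'strict-dynamic', and unlocked frame-ancestors."""
    findings = []
    for directive, sources in policy.items():
        has_nonce_or_hash = any(s == "nonce" or s.startswith("'sha") for s in sources)
        if "'unsafe-inline'" in sources and not has_nonce_or_hash:
            findings.append(f"{directive}: 'unsafe-inline' without a nonce or hash")
        hosts = [s for s in sources if not s.startswith("'") and s != "nonce"]
        if "'strict-dynamic'" in sources and (hosts or "'self'" in sources):
            findings.append(f"{directive}: host sources and 'self' are ignored "
                            "when 'strict-dynamic' is present")
    if policy.get("frame-ancestors") != ["'none'"]:
        findings.append("frame-ancestors: not locked to 'none'")
    return findings


if __name__ == "__main__":
    print(render_csp(POLICY, secrets.token_urlsafe(16)))
    print(*audit_csp(POLICY), sep="\n")
```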