More readable formatting, include dev S3 bucket
parent
8cbbc821bf
commit
57b6a4ac29
1 changed files with 22 additions and 27 deletions
|
@ -17,55 +17,50 @@ class CSPHeader
|
||||||
{
|
{
|
||||||
// headers have to be single-line strings,
|
// headers have to be single-line strings,
|
||||||
// so we concat multiple lines
|
// so we concat multiple lines
|
||||||
|
//return $next($request);
|
||||||
return $next($request)
|
return $next($request)
|
||||||
->header(
|
->header(
|
||||||
'Content-Security-Policy',
|
'Content-Security-Policy',
|
||||||
"default-src 'self'; " .
|
str_replace("\\\n", "", "default-src 'self'; \
|
||||||
"script-src 'self' \
|
script-src 'self' 'unsafe-inline' 'unsafe-eval' \
|
||||||
'unsafe-inline' \
|
|
||||||
'unsafe-eval' \
|
|
||||||
https://api.mapbox.com \
|
https://api.mapbox.com \
|
||||||
https://analytics.jmb.lv \
|
https://analytics.jmb.lv \
|
||||||
blob:; " .
|
blob:; \
|
||||||
"style-src 'self' \
|
style-src 'self' 'unsafe-inline' \
|
||||||
'unsafe-inline' \
|
|
||||||
https://api.mapbox.com \
|
https://api.mapbox.com \
|
||||||
https://fonts.googleapis.com \
|
https://fonts.googleapis.com \
|
||||||
use.typekit.net \
|
use.typekit.net \
|
||||||
p.typekit.net; " .
|
p.typekit.net; \
|
||||||
"img-src 'self' \
|
img-src 'self' data: blob: \
|
||||||
data: \
|
|
||||||
blob: \
|
|
||||||
https://pbs.twimg.com \
|
https://pbs.twimg.com \
|
||||||
https://api.mapbox.com \
|
https://api.mapbox.com \
|
||||||
https://*.tiles.mapbox.com \
|
https://*.tiles.mapbox.com \
|
||||||
https://jbuk-media.s3-eu-west-1.amazonaws.com \
|
https://jbuk-media.s3-eu-west-1.amazonaws.com \
|
||||||
|
https://jbuk-media-dev.s3-eu-west-1.amazonaws.com \
|
||||||
https://secure.gravatar.com \
|
https://secure.gravatar.com \
|
||||||
https://graph.facebook.com \
|
https://graph.facebook.com *.fbcdn.net \
|
||||||
*.fbcdn.net \
|
|
||||||
https://*.cdninstagram.com \
|
https://*.cdninstagram.com \
|
||||||
analytics.jmb.lv \
|
analytics.jmb.lv \
|
||||||
https://*.4sqi.net \
|
https://*.4sqi.net \
|
||||||
https://upload.wikimedia.org \
|
https://upload.wikimedia.org \
|
||||||
p.typekit.net; " .
|
p.typekit.net; \
|
||||||
"font-src 'self' \
|
font-src 'self' \
|
||||||
https://fonts.gstatic.com \
|
https://fonts.gstatic.com \
|
||||||
use.typekit.net \
|
use.typekit.net \
|
||||||
fonts.typekit.net; " .
|
fonts.typekit.net; \
|
||||||
"connect-src 'self' \
|
connect-src 'self' \
|
||||||
https://api.mapbox.com \
|
https://api.mapbox.com \
|
||||||
https://*.tiles.mapbox.com \
|
https://*.tiles.mapbox.com \
|
||||||
performance.typekit.net \
|
performance.typekit.net \
|
||||||
data: \
|
data: blob:; \
|
||||||
blob:; " .
|
worker-src 'self' blob:; \
|
||||||
"worker-src 'self' blob:; " .
|
frame-src 'self' https://www.youtube.com blob:; \
|
||||||
"frame-src 'self' https://www.youtube.com blob:; " .
|
child-src 'self' blob:; \
|
||||||
"child-src 'self' blob:; " .
|
upgrade-insecure-requests; \
|
||||||
'upgrade-insecure-requests; ' .
|
block-all-mixed-content; \
|
||||||
'block-all-mixed-content; ' .
|
report-to csp-endpoint; \
|
||||||
'report-to csp-endpoint; ' .
|
report-uri https://jonnybarnes.report-uri.io/r/default/csp/enforce;"
|
||||||
'report-uri https://jonnybarnes.report-uri.io/r/default/csp/enforce;'
|
))
|
||||||
)
|
|
||||||
->header(
|
->header(
|
||||||
'Report-To',
|
'Report-To',
|
||||||
'{' .
|
'{' .
|
||||||
|
|
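Review bot: The `str_replace("\\\n", "", …)` wrapper only removes a backslash that is immediately followed by a bare LF, so a CRLF checkout or a stray space after any trailing `\` leaves a raw line break inside the Content-Security-Policy value; PHP's `header()` refuses values containing a newline, so the likely result is a response with no policy at all rather than a visibly broken one. A more tolerant join such as `preg_replace('/\\\\\s*\R\s*/', ' ', …)`, or building the directives as an array and joining them with `implode(' ', …)`, removes that dependency on exact whitespace. The new `https://jbuk-media-dev.s3-eu-west-1.amazonaws.com` entry in `img-src` is sent in every environment; if it is only needed for development, gate it on the app environment so production keeps the narrower source list. The added `//return $next($request);` line looks like leftover debugging and can be dropped. The method's signature and the rest of the `Report-To` header lie outside this hunk.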