diff --git a/app/Http/Middleware/CSPHeader.php b/app/Http/Middleware/CSPHeader.php
index df57fd22..7dd83c2e 100644
--- a/app/Http/Middleware/CSPHeader.php
+++ b/app/Http/Middleware/CSPHeader.php
@@ -47,7 +47,8 @@ p.typekit.net; \
 font-src 'self' \
 https://fonts.gstatic.com \
 use.typekit.net \
-fonts.typekit.net; \
+fonts.typekit.net \
+data:; \
 connect-src 'self' \
 https://api.mapbox.com \
 https://*.tiles.mapbox.com \
@@ -55,7 +56,6 @@ performance.typekit.net \
 data: blob:; \
 worker-src 'self' blob:; \
 frame-src 'self' https://www.youtube.com blob:; \
-child-src 'self' blob:; \
 upgrade-insecure-requests; \
 block-all-mixed-content; \
 report-to csp-endpoint; \
diff --git a/changelog.md b/changelog.md
index 052550f5..84ed7317 100644
--- a/changelog.md
+++ b/changelog.md
@@ -1,5 +1,8 @@ # Changelog +## Version {next} + - Improve CSP headers + ## Version 0.16.3 (2018-04-12) - Improve JSON feed conformance
diff --git a/composer.json b/composer.json
index 06a7df67..6a3812bd 100644
--- a/composer.json
+++ b/composer.json
@@ -34,7 +34,7 @@
 },
 "require-dev": {
 "barryvdh/laravel-debugbar": "~3.0",
- "codedungeon/phpunit-result-printer": "^0.12.0",
+ "codedungeon/phpunit-result-printer": "^0.14.0",
 "filp/whoops": "~2.0",
 "fzaninotto/faker": "~1.4",
 "jakub-onderka/php-parallel-lint": "^1.0.0",
diff --git a/composer.lock b/composer.lock
index 803c69be..0cd5b54b 100644
--- a/composer.lock
+++ b/composer.lock
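Review bot: The `data:` source added to `font-src` in the first hunk of app/Http/Middleware/CSPHeader.php has no recorded reason, and scheme sources are the entries that tend to outlive their need. The exposure is small, since a `data:` font can only be referenced from CSS or script that the rest of the policy already admits. The policy string starts and ends outside the hunk and cannot hold inline comments, so I would add a comment above it such as `// font-src data: required by <COMPONENT> for base64-embedded fonts`, with the placeholder replaced by the stylesheet or vendor that needs it. If the entry was added to silence a violation report, it is worth confirming the report came from the site's own CSS rather than a browser extension before keeping it.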
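Review bot: Dropping `child-src 'self' blob:` in the second hunk of app/Http/Middleware/CSPHeader.php removes the directive that browsers without `worker-src` support consult for worker loads. Under CSP Level 2 workers are checked against `child-src`, and where `worker-src` is not implemented the next fallback is `script-src` or `default-src`, both of which are outside this hunk. If neither allows `blob:`, blob-backed workers would be blocked in those browsers, and the likely follow-up of adding `blob:` to `script-src` is a wider grant than the line being removed. I would keep `child-src 'self' blob:; \` next to `worker-src` and `frame-src` until every supported browser honours `worker-src`, or confirm from the `report-to csp-endpoint` reports that nothing falls back.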
@@ -1,23 +1,23 @@ { "_readme": [ "This file locks the dependencies of your project to a known state", - "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#composer-lock-the-lock-file", + "Read more about it at https://getcomposer.org/doc/01-basic-usage.md#installing-dependencies", "This file is @generated automatically" ], - "content-hash": "4127c4d74e7fbc79a541790fb5ea9d73", + "content-hash": "5e37bcec0043b7e6fe14b16f9602255f", "packages": [ { "name": "aws/aws-sdk-php", - "version": "3.54.2", + "version": "3.54.4", "source": { "type": "git", "url": "https://github.com/aws/aws-sdk-php.git", - "reference": "17c2c7a47f54161d23b9a943b1c36600051cb93c" + "reference": "6642a13df7ddcccf19e66c744c5bfae5b61e9e85" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/17c2c7a47f54161d23b9a943b1c36600051cb93c", - "reference": "17c2c7a47f54161d23b9a943b1c36600051cb93c", + "url": "https://api.github.com/repos/aws/aws-sdk-php/zipball/6642a13df7ddcccf19e66c744c5bfae5b61e9e85", + "reference": "6642a13df7ddcccf19e66c744c5bfae5b61e9e85", "shasum": "" }, "require": { @@ -84,7 +84,7 @@ "s3", "sdk" ], - "time": "2018-04-06T18:01:00+00:00" + "time": "2018-04-10T22:11:31+00:00" }, { "name": "bosnadev/database", @@ -698,16 +698,16 @@ }, { "name": "doctrine/dbal", - "version": "v2.7.0", + "version": "v2.7.1", "source": { "type": "git", "url": "https://github.com/doctrine/dbal.git", - "reference": "f76bf5ef631cec551a86c2291fc749534febebf1" + "reference": "11037b4352c008373561dc6fc836834eed80c3b5" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/doctrine/dbal/zipball/f76bf5ef631cec551a86c2291fc749534febebf1", - "reference": "f76bf5ef631cec551a86c2291fc749534febebf1", + "url": "https://api.github.com/repos/doctrine/dbal/zipball/11037b4352c008373561dc6fc836834eed80c3b5", + "reference": "11037b4352c008373561dc6fc836834eed80c3b5", "shasum": "" }, "require": { 
@@ -769,7 +769,7 @@ "persistence", "queryobject" ], - "time": "2018-04-01T23:33:17+00:00" + "time": "2018-04-07T18:44:18+00:00" }, { "name": "doctrine/inflector", @@ -943,16 +943,16 @@ }, { "name": "egulias/email-validator", - "version": "2.1.3", + "version": "2.1.4", "source": { "type": "git", "url": "https://github.com/egulias/EmailValidator.git", - "reference": "1bec00a10039b823cc94eef4eddd47dcd3b2ca04" + "reference": "8790f594151ca6a2010c6218e09d96df67173ad3" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/egulias/EmailValidator/zipball/1bec00a10039b823cc94eef4eddd47dcd3b2ca04", - "reference": "1bec00a10039b823cc94eef4eddd47dcd3b2ca04", + "url": "https://api.github.com/repos/egulias/EmailValidator/zipball/8790f594151ca6a2010c6218e09d96df67173ad3", + "reference": "8790f594151ca6a2010c6218e09d96df67173ad3", "shasum": "" }, "require": { @@ -961,7 +961,7 @@ }, "require-dev": { "dominicsayers/isemail": "dev-master", - "phpunit/phpunit": "^4.8.35", + "phpunit/phpunit": "^4.8.35||^5.7||^6.0", "satooshi/php-coveralls": "^1.0.1" }, "suggest": { @@ -996,7 +996,7 @@ "validation", "validator" ], - "time": "2017-11-15T23:40:40+00:00" + "time": "2018-04-10T10:11:19+00:00" }, { "name": "erusev/parsedown", @@ -1945,16 +1945,16 @@ }, { "name": "laravel/framework", - "version": "v5.6.15", + "version": "v5.6.16", "source": { "type": "git", "url": "https://github.com/laravel/framework.git", - "reference": "baa42cf6bdd942523fafece21ec16a1843c6db0f" + "reference": "fcdbc791bc3e113ada38ab0a1147141fb9ec2b16" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/laravel/framework/zipball/baa42cf6bdd942523fafece21ec16a1843c6db0f", - "reference": "baa42cf6bdd942523fafece21ec16a1843c6db0f", + "url": "https://api.github.com/repos/laravel/framework/zipball/fcdbc791bc3e113ada38ab0a1147141fb9ec2b16", + "reference": "fcdbc791bc3e113ada38ab0a1147141fb9ec2b16", "shasum": "" }, "require": { 
@@ -2019,6 +2019,7 @@ "aws/aws-sdk-php": "~3.0", "doctrine/dbal": "~2.6", "filp/whoops": "^2.1.4", + "league/flysystem-cached-adapter": "~1.0", "mockery/mockery": "~1.0", "moontoast/math": "^1.1", "orchestra/testbench-core": "3.6.*", @@ -2037,7 +2038,7 @@ "guzzlehttp/guzzle": "Required to use the Mailgun and Mandrill mail drivers and the ping methods on schedules (~6.0).", "laravel/tinker": "Required to use the tinker console command (~1.0).", "league/flysystem-aws-s3-v3": "Required to use the Flysystem S3 driver (~1.0).", - "league/flysystem-cached-adapter": "Required to use Flysystem caching (~1.0).", + "league/flysystem-cached-adapter": "Required to use the Flysystem cache (~1.0).", "league/flysystem-rackspace": "Required to use the Flysystem Rackspace driver (~1.0).", "league/flysystem-sftp": "Required to use the Flysystem SFTP driver (~1.0).", "nexmo/client": "Required to use the Nexmo transport (~1.0).", @@ -2079,7 +2080,7 @@ "framework", "laravel" ], - "time": "2018-03-30T13:29:58+00:00" + "time": "2018-04-09T16:07:04+00:00" }, { "name": "laravel/horizon", @@ -3537,20 +3538,20 @@ }, { "name": "spatie/browsershot", - "version": "3.19.0", + "version": "3.20.1", "source": { "type": "git", "url": "https://github.com/spatie/browsershot.git", - "reference": "3830660e63dd74617fd9db6c192b89f897f21d49" + "reference": "d5abc3b88c1a3ff0f45dc09eb15681b132b7e971" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/spatie/browsershot/zipball/3830660e63dd74617fd9db6c192b89f897f21d49", - "reference": "3830660e63dd74617fd9db6c192b89f897f21d49", + "url": "https://api.github.com/repos/spatie/browsershot/zipball/d5abc3b88c1a3ff0f45dc09eb15681b132b7e971", + "reference": "d5abc3b88c1a3ff0f45dc09eb15681b132b7e971", "shasum": "" }, "require": { - "php": "^7.0", + "php": "^7.1", "spatie/image": "^1.4", "spatie/temporary-directory": "^1.1", "symfony/process": "^3.0|^4.0" 
@@ -3589,20 +3590,20 @@ "screenshot", "webpage" ], - "time": "2018-04-03T09:56:43+00:00" + "time": "2018-04-12T11:13:06+00:00" }, { "name": "spatie/image", - "version": "1.4.1", + "version": "1.5.0", "source": { "type": "git", "url": "https://github.com/spatie/image.git", - "reference": "9ac824e02ae9ebcb6a74160d6dd9ab73a42f0e4f" + "reference": "2ff09d9eafbeccc71f29ee7a9eb6169a856df75e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/spatie/image/zipball/9ac824e02ae9ebcb6a74160d6dd9ab73a42f0e4f", - "reference": "9ac824e02ae9ebcb6a74160d6dd9ab73a42f0e4f", + "url": "https://api.github.com/repos/spatie/image/zipball/2ff09d9eafbeccc71f29ee7a9eb6169a856df75e", + "reference": "2ff09d9eafbeccc71f29ee7a9eb6169a856df75e", "shasum": "" }, "require": { @@ -3613,6 +3614,7 @@ "symfony/process": "^3.0|^4.0" }, "require-dev": { + "larapack/dd": "^1.1", "phpunit/phpunit": "^6.0|^7.0", "symfony/var-dumper": "^3.2" }, @@ -3640,7 +3642,7 @@ "image", "spatie" ], - "time": "2018-02-08T09:09:05+00:00" + "time": "2018-04-13T11:53:18+00:00" }, { "name": "spatie/image-optimizer", @@ -3693,23 +3695,23 @@ }, { "name": "spatie/temporary-directory", - "version": "1.1.3", + "version": "1.1.4", "source": { "type": "git", "url": "https://github.com/spatie/temporary-directory.git", - "reference": "e3da5b7a00c6610bc0b18480815fe09adf73383b" + "reference": "5e1799fa2297363ebfb4df296fea90afbd4ef9b7" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/spatie/temporary-directory/zipball/e3da5b7a00c6610bc0b18480815fe09adf73383b", - "reference": "e3da5b7a00c6610bc0b18480815fe09adf73383b", + "url": "https://api.github.com/repos/spatie/temporary-directory/zipball/5e1799fa2297363ebfb4df296fea90afbd4ef9b7", + "reference": "5e1799fa2297363ebfb4df296fea90afbd4ef9b7", "shasum": "" }, "require": { "php": "^7.0" }, "require-dev": { - "phpunit/phpunit": "5.*" + "phpunit/phpunit": "^6.3" }, "type": "library", "autoload": { 
@@ -3735,7 +3737,7 @@ "spatie", "temporary-directory" ], - "time": "2017-09-11T08:51:13+00:00" + "time": "2018-04-12T09:34:43+00:00" }, { "name": "swiftmailer/swiftmailer", @@ -4897,16 +4899,16 @@ }, { "name": "codedungeon/phpunit-result-printer", - "version": "0.12.2", + "version": "0.14.0", "source": { "type": "git", "url": "https://github.com/mikeerickson/phpunit-pretty-result-printer.git", - "reference": "a3f8ba9e716f0e8818b6d01040002888ecc00cb3" + "reference": "fe0624ebe81a6dcc4441ace455b419b590cbb51e" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/mikeerickson/phpunit-pretty-result-printer/zipball/a3f8ba9e716f0e8818b6d01040002888ecc00cb3", - "reference": "a3f8ba9e716f0e8818b6d01040002888ecc00cb3", + "url": "https://api.github.com/repos/mikeerickson/phpunit-pretty-result-printer/zipball/fe0624ebe81a6dcc4441ace455b419b590cbb51e", + "reference": "fe0624ebe81a6dcc4441ace455b419b590cbb51e", "shasum": "" }, "require": { @@ -4916,7 +4918,7 @@ "symfony/yaml": "^2.7|^3.0|^4.0" }, "require-dev": { - "phpunit/phpunit": ">=7.1", + "phpunit/phpunit": "7.1.1", "spatie/phpunit-watcher": "^1.5" }, "type": "library", @@ -4944,7 +4946,7 @@ "result-printer", "testing" ], - "time": "2018-04-06T23:59:42+00:00" + "time": "2018-04-08T17:45:48+00:00" }, { "name": "doctrine/instantiator", 
@@ -6181,16 +6183,16 @@ }, { "name": "phpunit/phpunit", - "version": "7.1.1", + "version": "7.1.3", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/phpunit.git", - "reference": "f7fe5127889519e421600fe0feeb113a5e210f20" + "reference": "a7834993ddbf4b0ed2c3b2dc1f3b1d093ef910a9" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/f7fe5127889519e421600fe0feeb113a5e210f20", - "reference": "f7fe5127889519e421600fe0feeb113a5e210f20", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit/zipball/a7834993ddbf4b0ed2c3b2dc1f3b1d093ef910a9", + "reference": "a7834993ddbf4b0ed2c3b2dc1f3b1d093ef910a9", "shasum": "" }, "require": { @@ -6208,7 +6210,7 @@ "phpunit/php-file-iterator": "^1.4.3", "phpunit/php-text-template": "^1.2.1", "phpunit/php-timer": "^2.0", - "phpunit/phpunit-mock-objects": "^6.1", + "phpunit/phpunit-mock-objects": "^6.1.1", "sebastian/comparator": "^2.1", "sebastian/diff": "^3.0", "sebastian/environment": "^3.1", @@ -6257,20 +6259,20 @@ "testing", "xunit" ], - "time": "2018-04-06T12:39:30+00:00" + "time": "2018-04-13T02:28:50+00:00" }, { "name": "phpunit/phpunit-mock-objects", - "version": "6.1.0", + "version": "6.1.1", "source": { "type": "git", "url": "https://github.com/sebastianbergmann/phpunit-mock-objects.git", - "reference": "3f5ca97eee66a07951d018f6726017629c85c86d" + "reference": "70c740bde8fd9ea9ea295be1cd875dd7b267e157" }, "dist": { "type": "zip", - "url": "https://api.github.com/repos/sebastianbergmann/phpunit-mock-objects/zipball/3f5ca97eee66a07951d018f6726017629c85c86d", - "reference": "3f5ca97eee66a07951d018f6726017629c85c86d", + "url": "https://api.github.com/repos/sebastianbergmann/phpunit-mock-objects/zipball/70c740bde8fd9ea9ea295be1cd875dd7b267e157", + "reference": "70c740bde8fd9ea9ea295be1cd875dd7b267e157", "shasum": "" }, "require": { 
@@ -6313,7 +6315,7 @@ "mock", "xunit" ], - "time": "2018-04-06T08:14:40+00:00" + "time": "2018-04-11T04:50:36+00:00" }, { "name": "sebastian/code-unit-reverse-lookup",