From ca1555d9620e58dd6aa13838eb0385f149d64602 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Thu, 16 May 2024 22:19:18 +0100
Subject: [PATCH 1/5] Fixed #14664 - allow additional urls in env for CSP

Signed-off-by: snipe <snipe@snipe.net>
---
 app/Http/Middleware/SecurityHeaders.php | 4 ++--
 config/app.php                          | 3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)

diff --git a/app/Http/Middleware/SecurityHeaders.php b/app/Http/Middleware/SecurityHeaders.php
index 25f0461fc..8e6c17b4e 100644
--- a/app/Http/Middleware/SecurityHeaders.php
+++ b/app/Http/Middleware/SecurityHeaders.php
@@ -88,13 +88,13 @@ class SecurityHeaders
             $csp_policy[] = "connect-src 'self'";
             $csp_policy[] = "object-src 'none'";
             $csp_policy[] = "font-src 'self' data:";
-            $csp_policy[] = "img-src 'self' data: ".config('app.url').' '.env('PUBLIC_AWS_URL').' https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com';
+            $csp_policy[] = "img-src 'self' data: ".config('app.url').' '.config('app.additional_csp_urls').' '.env('PUBLIC_AWS_URL').' https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com';
 	          
             if (config('filesystems.disks.public.driver') == 's3') {
                $csp_policy[] = "img-src 'self' data:  ".config('filesystems.disks.public.url');
             }
             $csp_policy = join(';', $csp_policy);
-           
+
             $response->headers->set('Content-Security-Policy', $csp_policy);
         }
 
diff --git a/config/app.php b/config/app.php
index eb288f5fe..2c25cd645 100755
--- a/config/app.php
+++ b/config/app.php
@@ -201,6 +201,9 @@ return [
 
     'enable_csp' => env('ENABLE_CSP', true),
 
+    'additional_csp_urls' => env('ADDITIONAL_CSP_URLS', ''),
+
+
 
     /*
     |--------------------------------------------------------------------------

From 52c906f6b851e1f7280402abbdfc7d6c6d1c3de9 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Thu, 16 May 2024 22:21:52 +0100
Subject: [PATCH 2/5] Added to env.example

Signed-off-by: snipe <snipe@snipe.net>
---
 .env.example | 1 +
 1 file changed, 1 insertion(+)

diff --git a/.env.example b/.env.example
index 8f3e5a2d6..47e3b9660 100644
--- a/.env.example
+++ b/.env.example
@@ -96,6 +96,7 @@ APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
 ALLOW_IFRAMING=false
 REFERRER_POLICY=same-origin
 ENABLE_CSP=false
+ADDITIONAL_CSP_URLS=null
 CORS_ALLOWED_ORIGINS=null
 ENABLE_HSTS=false
 

From 771c85e347466eafc2327a80b4e1ff5f77e101e6 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Mon, 20 May 2024 11:19:31 +0100
Subject: [PATCH 3/5] Translated account save message

Signed-off-by: snipe <snipe@snipe.net>
---
 app/Http/Controllers/ProfileController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)

diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php
index 2e81facc7..c505018e6 100755
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@@ -72,7 +72,7 @@ class ProfileController extends Controller
 
 
         if ($user->save()) {
-            return redirect()->route('profile')->with('success', 'Account successfully updated');
+            return redirect()->route('profile')->with('success', trans('account.general.profile_updated'));
         }
 
         return redirect()->back()->withInput()->withErrors($user->getErrors());

From bcb747f886ceecc9fb1b165bf88edf105e2989ff Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Mon, 20 May 2024 11:19:37 +0100
Subject: [PATCH 4/5] Added string

Signed-off-by: snipe <snipe@snipe.net>
---
 resources/lang/en-US/account/general.php | 1 +
 1 file changed, 1 insertion(+)

diff --git a/resources/lang/en-US/account/general.php b/resources/lang/en-US/account/general.php
index 7fc060a84..1fc28f340 100644
--- a/resources/lang/en-US/account/general.php
+++ b/resources/lang/en-US/account/general.php
@@ -9,4 +9,5 @@ return array(
     'api_token_expiration_time' => 'API tokens are set to expire in:',
     'api_reference' => 'Please check the <a href="https://snipe-it.readme.io/reference" target="_blank">API reference</a> to
                     find specific API endpoints and additional API documentation.',
+    'profile_updated' => 'Account successfully updated',
 );

From 6a6272ace38a0b521c97d7b5a5eeeee38f5c9308 Mon Sep 17 00:00:00 2001
From: snipe <snipe@snipe.net>
Date: Mon, 20 May 2024 11:19:47 +0100
Subject: [PATCH 5/5] Translate no records found message

Signed-off-by: snipe <snipe@snipe.net>
---
 resources/lang/en-US/table.php                     | 9 +++++----
 resources/views/partials/bootstrap-table.blade.php | 3 +++
 2 files changed, 8 insertions(+), 4 deletions(-)

diff --git a/resources/lang/en-US/table.php b/resources/lang/en-US/table.php
index f7a49d86c..16e32b148 100644
--- a/resources/lang/en-US/table.php
+++ b/resources/lang/en-US/table.php
@@ -2,9 +2,10 @@
 
 return array(
 
-    'actions'	 	=> 'Actions',
-    'action' 		=> 'Action',
-    'by'      		=> 'By',
-    'item' 			=> 'Item',
+    'actions'	 	        => 'Actions',
+    'action' 		        => 'Action',
+    'by'      		        => 'By',
+    'item' 			        => 'Item',
+    'no_matching_records'   => 'No matching records found',
 
 );
diff --git a/resources/views/partials/bootstrap-table.blade.php b/resources/views/partials/bootstrap-table.blade.php
index a3d6b6df2..8b01ce786 100644
--- a/resources/views/partials/bootstrap-table.blade.php
+++ b/resources/views/partials/bootstrap-table.blade.php
@@ -92,6 +92,9 @@
             exportTypes: ['xlsx', 'excel', 'csv', 'pdf','json', 'xml', 'txt', 'sql', 'doc' ],
             onLoadSuccess: function () {
                 $('[data-tooltip="true"]').tooltip(); // Needed to attach tooltips after ajax call
+            },
+            formatNoMatches: function () {
+                return '{{ trans('table.no_matching_records') }}';
             }
 
             });