From ca1555d9620e58dd6aa13838eb0385f149d64602 Mon Sep 17 00:00:00 2001
From: snipe
Date: Thu, 16 May 2024 22:19:18 +0100
Subject: [PATCH 1/5] Fixed #14664 - allow additional urls in env for CSP
Signed-off-by: snipe
---
 app/Http/Middleware/SecurityHeaders.php | 4 ++--
 config/app.php | 3 +++
 2 files changed, 5 insertions(+), 2 deletions(-)
diff --git a/app/Http/Middleware/SecurityHeaders.php b/app/Http/Middleware/SecurityHeaders.php
index 25f0461fc..8e6c17b4e 100644
--- a/app/Http/Middleware/SecurityHeaders.php
+++ b/app/Http/Middleware/SecurityHeaders.php
@@ -88,13 +88,13 @@ class SecurityHeaders
 $csp_policy[] = "connect-src 'self'";
 $csp_policy[] = "object-src 'none'";
 $csp_policy[] = "font-src 'self' data:";
- $csp_policy[] = "img-src 'self' data: ".config('app.url').' '.env('PUBLIC_AWS_URL').' https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com';
+ $csp_policy[] = "img-src 'self' data: ".config('app.url').' '.config('app.additional_csp_urls').' '.env('PUBLIC_AWS_URL').' https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com';
 if (config('filesystems.disks.public.driver') == 's3') {
 $csp_policy[] = "img-src 'self' data: ".config('filesystems.disks.public.url');
 }
 $csp_policy = join(';', $csp_policy);
-
+
 $response->headers->set('Content-Security-Policy', $csp_policy);
 }
diff --git a/config/app.php b/config/app.php
index eb288f5fe..2c25cd645 100755
--- a/config/app.php
+++ b/config/app.php
@@ -201,6 +201,9 @@ return [
 'enable_csp' => env('ENABLE_CSP', true),
+ 'additional_csp_urls' => env('ADDITIONAL_CSP_URLS', ''),
+
+
 /*
 |--------------------------------------------------------------------------
From 52c906f6b851e1f7280402abbdfc7d6c6d1c3de9 Mon Sep 17 00:00:00 2001
From: snipe
Date: Thu, 16 May 2024 22:21:52 +0100
Subject: [PATCH 2/5] Added to env.example
Signed-off-by: snipe
---
 .env.example | 1 +
 1 file changed, 1 insertion(+)
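Review bot: On the added `img-src` line the value of `config('app.additional_csp_urls')` is concatenated into the header verbatim, so nothing rejects a `;` (which starts a new CSP directive) and nothing normalises separators — an operator who follows the comma-separated convention of the neighbouring `CORS_ALLOWED_ORIGINS` setting would produce one bogus source token and a silently ineffective allow-list. Splitting the setting on commas and whitespace and dropping any token containing `;` keeps the header well-formed; a sketch is below (`str_contains` assumes a PHP 8 floor, otherwise use `strpos(...) === false`). The key name `additional_csp_urls` and the bare config entry suggest it feeds every directive, but it only ever reaches `img-src`, which deserves a comment on the config entry such as `// Extra origins (space- or comma-separated) appended to the CSP img-src directive only` and a matching hint in .env.example. Separately, the pre-existing s3 branch appends a second `img-src` directive; per the CSP spec a repeated directive name is ignored, so that URL (and these additional ones) presumably only take effect if merged into the single directive — worth confirming. The enclosing method begins outside the hunk.
```php
// Accept a whitespace- or comma-separated list; drop anything that could start a new directive.
$additional_urls = preg_split('/[\s,]+/', (string) config('app.additional_csp_urls'), -1, PREG_SPLIT_NO_EMPTY);
$additional_urls = array_filter($additional_urls, fn ($url) => !str_contains($url, ';'));
$csp_policy[] = "img-src 'self' data: ".config('app.url').' '.implode(' ', $additional_urls).' '.env('PUBLIC_AWS_URL').' https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com';
// … unchanged: s3 branch, join and header set …
```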
diff --git a/.env.example b/.env.example
index 8f3e5a2d6..47e3b9660 100644
--- a/.env.example
+++ b/.env.example
@@ -96,6 +96,7 @@ APP_TRUSTED_PROXIES=192.168.1.1,10.0.0.1
 ALLOW_IFRAMING=false
 REFERRER_POLICY=same-origin
 ENABLE_CSP=false
+ADDITIONAL_CSP_URLS=null
 CORS_ALLOWED_ORIGINS=null
 ENABLE_HSTS=false
From 771c85e347466eafc2327a80b4e1ff5f77e101e6 Mon Sep 17 00:00:00 2001
From: snipe
Date: Mon, 20 May 2024 11:19:31 +0100
Subject: [PATCH 3/5] Translated account save message
Signed-off-by: snipe
---
 app/Http/Controllers/ProfileController.php | 2 +-
 1 file changed, 1 insertion(+), 1 deletion(-)
diff --git a/app/Http/Controllers/ProfileController.php b/app/Http/Controllers/ProfileController.php
index 2e81facc7..c505018e6 100755
--- a/app/Http/Controllers/ProfileController.php
+++ b/app/Http/Controllers/ProfileController.php
@@ -72,7 +72,7 @@ class ProfileController extends Controller
 if ($user->save()) {
- return redirect()->route('profile')->with('success', 'Account successfully updated');
+ return redirect()->route('profile')->with('success', trans('account.general.profile_updated'));
 }
 return redirect()->back()->withInput()->withErrors($user->getErrors());
From bcb747f886ceecc9fb1b165bf88edf105e2989ff Mon Sep 17 00:00:00 2001
From: snipe
Date: Mon, 20 May 2024 11:19:37 +0100
Subject: [PATCH 4/5] Added string
Signed-off-by: snipe
---
 resources/lang/en-US/account/general.php | 1 +
 1 file changed, 1 insertion(+)
diff --git a/resources/lang/en-US/account/general.php b/resources/lang/en-US/account/general.php
index 7fc060a84..1fc28f340 100644
--- a/resources/lang/en-US/account/general.php
+++ b/resources/lang/en-US/account/general.php
@@ -9,4 +9,5 @@ return array(
 'api_token_expiration_time' => 'API tokens are set to expire in:',
 'api_reference' => 'Please check the API reference to find specific API endpoints and additional API documentation.',
+ 'profile_updated' => 'Account successfully updated',
 );
From 6a6272ace38a0b521c97d7b5a5eeeee38f5c9308 Mon Sep 17 00:00:00 2001
From: snipe
Date: Mon, 20 May 2024 11:19:47 +0100
Subject: [PATCH 5/5] Translate no records found message
Signed-off-by: snipe
---
 resources/lang/en-US/table.php | 9 +++++----
 resources/views/partials/bootstrap-table.blade.php | 3 +++
 2 files changed, 8 insertions(+), 4 deletions(-)
diff --git a/resources/lang/en-US/table.php b/resources/lang/en-US/table.php
index f7a49d86c..16e32b148 100644
--- a/resources/lang/en-US/table.php
+++ b/resources/lang/en-US/table.php
@@ -2,9 +2,10 @@
 return array(
- 'actions' => 'Actions',
- 'action' => 'Action',
- 'by' => 'By',
- 'item' => 'Item',
+ 'actions' => 'Actions',
+ 'action' => 'Action',
+ 'by' => 'By',
+ 'item' => 'Item',
+ 'no_matching_records' => 'No matching records found',
 );
diff --git a/resources/views/partials/bootstrap-table.blade.php b/resources/views/partials/bootstrap-table.blade.php
index a3d6b6df2..8b01ce786 100644
--- a/resources/views/partials/bootstrap-table.blade.php
+++ b/resources/views/partials/bootstrap-table.blade.php
@@ -92,6 +92,9 @@
 exportTypes: ['xlsx', 'excel', 'csv', 'pdf','json', 'xml', 'txt', 'sql', 'doc' ],
 onLoadSuccess: function () {
 $('[data-tooltip="true"]').tooltip(); // Needed to attach tooltips after ajax call
+ },
+ formatNoMatches: function () {
+ return '{{ trans('table.no_matching_records') }}';
 }
 });
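Review bot: The added `return '{{ trans('table.no_matching_records') }}';` builds a JavaScript string literal out of Blade's HTML-escaped output, which is the wrong escaping context: as far as `{{ }}` goes an apostrophe in a translation presumably arrives as an HTML entity rather than a quote, and a newline in a translation would terminate the JS literal and break the whole table initialiser, not just this message. Emitting the value as a JS literal avoids both, e.g. `return @json(trans('table.no_matching_records'));` (or `{{ Js::from(...) }}` where the Laravel version provides it). Only the English string is in this patch set, so the problem shows up the first time another locale supplies a quote or line break. The enclosing `bootstrapTable({ ... })` call begins outside the hunk.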