lunax/snipe_it
1
0
Fork 0
Code Issues Pull requests Projects Releases Wiki Activity Actions

Merge pull request #9541 from misilot/change-var-aws-public-url

Browse source 
Change from ENV to config value for PUBLIC_AWS_URL
This commit is contained in:
snipe 2021-10-28 17:46:25 -07:00 committed by GitHub
commit d54434fdf7
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
1 changed files with 7 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
app/Http/Middleware/SecurityHeaders.php
View file

@ -103,8 +103,13 @@ class SecurityHeaders
$csp_policy[] = "connect-src 'self'";
$csp_policy[] = "object-src 'none'";
$csp_policy[] = "font-src 'self' data:";
$csp_policy[] = "img-src 'self' data: ".config('app.url').' '.env('PUBLIC_AWS_URL').' https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com';
$csp_policy = implode(';', $csp_policy);
$csp_policy[] = "img-src 'self' data: ".config('app.url').' '.env('PUBLIC_AWS_URL').' https://secure.gravatar.com http://gravatar.com maps.google.com maps.gstatic.com *.googleapis.com";
if(config('filesystems.disks.public.driver') == 's3') {
$csp_policy[] = "img-src 'self' data: ".config('filesystems.disks.public.url');
}
$csp_policy = join(';', $csp_policy);
$response->headers->set('Content-Security-Policy', $csp_policy);
}