BUGFIX: Added referrer policy and frame-ancestors

2022-02-02 12:59:03 +01:00 · 2022-02-02 12:59:03 +01:00 · 95eb634297
commit 95eb634297
parent ce70f7fdbc
2 changed files with 4 additions and 2 deletions
--- a/lib/Framework/Router.php
+++ b/lib/Framework/Router.php
@ -40,7 +40,9 @@ class Router

            if ($response instanceof Response) {
                $response->headers->add([
-                    "Content-Security-Policy" => "default-src 'none'; font-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; require-trusted-types-for 'script'"
+                    "Content-Security-Policy" => "default-src 'none'; font-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; frame-ancestors 'none'; require-trusted-types-for 'script'; base-uri 'none'; ",
+                    "Referrer-Policy" => "same-origin"
+
                ]);
                return $response;
            } else {
--- a/webpack.config.js
+++ b/webpack.config.js
@ -55,7 +55,7 @@ Encore

    // uncomment to get integrity="..." attributes on your script & link tags
    // requires WebpackEncoreBundle 1.4 or higher
-    //.enableIntegrityHashes(Encore.isProduction())
+    .enableIntegrityHashes(true)

    // uncomment if you're having problems with a jQuery plugin
    //.autoProvidejQuery()