BUGFIX: Added referrer policy and frame-ancestors

This commit is contained in:
Jeroen De Meerleer 2022-02-02 12:59:03 +01:00
parent ce70f7fdbc
commit 95eb634297
Signed by: JeroenED
GPG Key ID: 28CCCB8F62BFADD6
2 changed files with 4 additions and 2 deletions

View File

@ -40,7 +40,9 @@ class Router
if ($response instanceof Response) { if ($response instanceof Response) {
$response->headers->add([ $response->headers->add([
"Content-Security-Policy" => "default-src 'none'; font-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; require-trusted-types-for 'script'" "Content-Security-Policy" => "default-src 'none'; font-src 'self'; style-src 'self'; script-src 'self'; img-src 'self'; frame-ancestors 'none'; require-trusted-types-for 'script'; base-uri 'none'; ",
"Referrer-Policy" => "same-origin"
]); ]);
return $response; return $response;
} else { } else {

View File

@ -55,7 +55,7 @@ Encore
// uncomment to get integrity="..." attributes on your script & link tags // uncomment to get integrity="..." attributes on your script & link tags
// requires WebpackEncoreBundle 1.4 or higher // requires WebpackEncoreBundle 1.4 or higher
//.enableIntegrityHashes(Encore.isProduction()) .enableIntegrityHashes(true)
// uncomment if you're having problems with a jQuery plugin // uncomment if you're having problems with a jQuery plugin
//.autoProvidejQuery() //.autoProvidejQuery()