From 98781357b9dab2d39653674cae431f290cd75024 Mon Sep 17 00:00:00 2001
From: Jeroen De Meerleer
Date: Fri, 4 Aug 2023 14:27:37 +0200
Subject: [PATCH] Updated security
---
 config/packages/nelmio_security.yaml | 6 +++++-
 1 file changed, 5 insertions(+), 1 deletion(-)
diff --git a/config/packages/nelmio_security.yaml b/config/packages/nelmio_security.yaml
index ac32a83..abb8551 100644
--- a/config/packages/nelmio_security.yaml
+++ b/config/packages/nelmio_security.yaml
@@ -14,6 +14,11 @@ nelmio_security:
 enabled: true
 mode_block: true
 
+ forced_ssl:
+ hsts_max_age: 31536000 # 1 year
+ hsts_preload: true
+ hsts_subdomains: true
+
 # Send a full URL in the `Referer` header when performing a same-origin request,
 # only send the origin of the document to secure destination (HTTPS->HTTPS),
 # and send no header to a less secure destination (HTTPS->HTTP).
@@ -31,7 +36,6 @@ nelmio_security:
 level1_fallback: false
 browser_adaptive:
 enabled: false
- report-uri: '%router.request_context.base_url%/nelmio/csp/report'
 default-src:
 - 'none'
 script-src:
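Review bot: `hsts_preload: true` together with `hsts_subdomains: true` in the new `forced_ssl` block commits the whole domain, including every existing and future subdomain, to HTTPS for a year, and a preload-list entry is slow to withdraw once browsers ship it. Nothing in the hunk shows that all subdomains already serve valid TLS, so I would start with `hsts_preload: false` and a comment such as `# enable preload only after every subdomain is confirmed HTTPS-only`. The block also appears to sit directly under the top-level `nelmio_security:` key rather than in an environment-specific section, so the HTTPS redirect would presumably apply in dev and test as well; if that is not intended, scope it with `when@prod:` or the `hosts` option. If TLS is terminated at a reverse proxy, confirm that trusted proxies are configured so the redirect does not loop.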