Updated security

Jeroen De Meerleer 2023-08-04 14:27:37 +02:00
parent 27a4295589
commit 98781357b9
Signed by: JeroenED
GPG Key ID: 28CCCB8F62BFADD6


@ -14,6 +14,11 @@ nelmio_security:
enabled: true enabled: true
mode_block: true mode_block: true
forced_ssl:
hsts_max_age: 31536000 # 1 year
hsts_preload: true
hsts_subdomains: true
# Send a full URL in the `Referer` header when performing a same-origin request, # Send a full URL in the `Referer` header when performing a same-origin request,
# only send the origin of the document to secure destination (HTTPS->HTTPS), # only send the origin of the document to secure destination (HTTPS->HTTPS),
# and send no header to a less secure destination (HTTPS->HTTP). # and send no header to a less secure destination (HTTPS->HTTP).
@ -31,7 +36,6 @@ nelmio_security:
level1_fallback: false level1_fallback: false
browser_adaptive: browser_adaptive:
enabled: false enabled: false
report-uri: '%router.request_context.base_url%/nelmio/csp/report'
default-src: default-src:
- 'none' - 'none'
script-src: script-src:
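Review bot: The new `forced_ssl` block in the first hunk enables `hsts_preload` and `hsts_subdomains` together with a one-year `hsts_max_age` in a single step, which pins every subdomain of the host to HTTPS for a year in any browser that has seen the header and is slow to reverse once the domain is on a preload list. If any subdomain does not yet serve valid TLS, start with a shorter `hsts_max_age` and `hsts_preload: false`, or at least add a comment above the block such as `# HSTS applies to all subdomains and is preload-eligible; confirm every subdomain serves HTTPS before deploying`. The second hunk removes the CSP `report-uri` line without a replacement, so policy violations will presumably no longer be reported anywhere; if that is deliberate, a one-line comment saying why would help the next reader. Whether this file is also loaded in development is not visible here; if it is, `forced_ssl` will redirect plain-HTTP local requests as well.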