Updated security

2023-08-04 14:27:37 +02:00 · 2023-08-04 14:27:37 +02:00 · 98781357b9
commit 98781357b9
parent 27a4295589
1 changed files with 5 additions and 1 deletions
--- a/config/packages/nelmio_security.yaml
+++ b/config/packages/nelmio_security.yaml
@ -14,6 +14,11 @@ nelmio_security:
        enabled: true
        mode_block: true

+    forced_ssl:
+        hsts_max_age: 31536000 # 1 year
+        hsts_preload: true
+        hsts_subdomains: true
+
    # Send a full URL in the `Referer` header when performing a same-origin request,
    # only send the origin of the document to secure destination (HTTPS->HTTPS),
    # and send no header to a less secure destination (HTTPS->HTTP).
@ -31,7 +36,6 @@ nelmio_security:
            level1_fallback: false
            browser_adaptive:
                enabled: false
-            report-uri: '%router.request_context.base_url%/nelmio/csp/report'
            default-src:
                - 'none'
            script-src: