mirror of
https://code.castopod.org/adaures/castopod.git
synced 2024-07-22 12:59:37 +02:00
ed6e953010
- add .editorconfig file - format all files to comply with castopod's coding style - switch parsedown dependency with commonmark library to better follow commonmark spec for markdown - add prettier command to format all project files at once closes #16
50 lines
1.5 KiB
PHP
50 lines
1.5 KiB
PHP
<?php
|
|
|
|
namespace Config;
|
|
|
|
use CodeIgniter\Config\BaseConfig;
|
|
|
|
/**
|
|
* Class ContentSecurityPolicyConfig
|
|
*
|
|
* Stores the default settings for the ContentSecurityPolicy, if you
|
|
* choose to use it. The values here will be read in and set as defaults
|
|
* for the site. If needed, they can be overridden on a page-by-page basis.
|
|
*
|
|
* Suggested reference for explanations:
|
|
* https://www.html5rocks.com/en/tutorials/security/content-security-policy/
|
|
*
|
|
* @package Config
|
|
*/
|
|
class ContentSecurityPolicy extends BaseConfig
|
|
{
|
|
// broadbrush CSP management
|
|
|
|
public $reportOnly = false; // default CSP report context
|
|
public $reportURI = null; // URL to send violation reports to
|
|
public $upgradeInsecureRequests = false; // toggle for forcing https
|
|
|
|
// sources allowed; string or array of strings
|
|
// Note: once you set a policy to 'none', it cannot be further restricted
|
|
|
|
public $defaultSrc = null; // will default to self if not over-ridden
|
|
public $scriptSrc = 'self';
|
|
public $styleSrc = 'self';
|
|
public $imageSrc = 'self';
|
|
public $baseURI = null; // will default to self if not over-ridden
|
|
public $childSrc = 'self';
|
|
public $connectSrc = 'self';
|
|
public $fontSrc = null;
|
|
public $formAction = 'self';
|
|
public $frameAncestors = null;
|
|
public $mediaSrc = null;
|
|
public $objectSrc = 'self';
|
|
public $manifestSrc = null;
|
|
|
|
// mime types allowed; string or array of strings
|
|
public $pluginTypes = null;
|
|
|
|
// list of actions allowed; string or array of strings
|
|
public $sandbox = null;
|
|
}
|