mirror of
https://github.com/the-djmaze/snappymail.git
synced 2026-07-11 00:14:50 +03:00
Added option to application.ini for CSP reporting
This commit is contained in:
parent
6c71f25f50
commit
5e9c83c1a8
3 changed files with 9 additions and 1 deletions
|
|
@ -181,6 +181,7 @@ class Application extends \RainLoop\Config\AbstractConfig
|
|||
'admin_panel_host' => array(''),
|
||||
'admin_panel_key' => array('admin'),
|
||||
'content_security_policy' => array(''),
|
||||
'csp_report' => array(false),
|
||||
'encrypt_cipher' => array($sCipher)
|
||||
),
|
||||
|
||||
|
|
|
|||
|
|
@ -241,7 +241,9 @@ abstract class Service
|
|||
private static function setCSP(string $sScriptNonce = null) : void
|
||||
{
|
||||
$CSP = new \SnappyMail\HTTP\CSP(\trim(Api::Config()->Get('security', 'content_security_policy', '')));
|
||||
$CSP->report = Api::Config()->Get('security', 'csp_report', false);
|
||||
$CSP->report_only = Api::Config()->Get('debug', 'enable', false); // '0.0.0' === APP_VERSION
|
||||
|
||||
// Allow https: due to remote images in e-mails or use proxy
|
||||
if (!Api::Config()->Get('security', 'use_local_proxy_for_external_images', '')) {
|
||||
$CSP->img[] = 'https:';
|
||||
|
|
|
|||
|
|
@ -15,6 +15,8 @@ class CSP
|
|||
$img = ["'self'", 'data:'],
|
||||
$style = ["'self'", "'unsafe-inline'"],
|
||||
$frame = [],
|
||||
|
||||
$report = false,
|
||||
$report_to = [],
|
||||
$report_only = false;
|
||||
|
||||
|
|
@ -49,8 +51,11 @@ class CSP
|
|||
if ($this->frame) {
|
||||
$params[] = 'frame-src ' . \implode(' ', $this->frame);
|
||||
}
|
||||
|
||||
// Deprecated
|
||||
$params[] = 'report-uri ./?/CspReport';
|
||||
if ($this->report) {
|
||||
$params[] = 'report-uri ./?/CspReport';
|
||||
}
|
||||
|
||||
return \implode('; ', $params);
|
||||
}
|
||||
|
|
|
|||
Loading…
Add table
Add a link
Reference in a new issue