release

2025-06-13 12:24:35 +08:00
parent 1caae33c43
commit 6dfe3e0677
74 changed files with 1497 additions and 253 deletions
--- a/config/csp.php
+++ b/config/csp.php
@ -0,0 +1,35 @@
+<?php
+
+return [
+
+    /*
+     * A policy will determine which CSP headers will be set. A valid CSP policy is
+     * any class that extends `Spatie\Csp\Policies\Policy`
+     */
+    //'policy' => Spatie\Csp\Policies\Basic::class,
+    'policy' => App\Support\MyCustomPolicy::class,
+
+    /*
+     * This policy which will be put in report only mode. This is great for testing out
+     * a new policy or changes to existing csp policy without breaking anything.
+     */
+    'report_only_policy' => '',
+
+    /*
+     * All violations against the policy will be reported to this url.
+     * A great service you could use for this is https://report-uri.com/
+     *
+     * You can override this setting by calling `reportTo` on your policy.
+     */
+    'report_uri' => env('CSP_REPORT_URI', ''),
+
+    /*
+     * Headers will only be added if this setting is set to true.
+     */
+    'enabled' => env('CSP_ENABLED', true),
+
+    /*
+     * The class responsible for generating the nonces used in inline tags and headers.
+     */
+    'nonce_generator' => Spatie\Csp\Nonce\RandomString::class,
+];