Update dependencies, and set a more locked-down content security policy
This commit is contained in:
parent
1df71121eb
commit
e714599fad
|
|
@ -21,7 +21,7 @@
|
|||
"aura/router": "^3.0",
|
||||
"aura/session": "^2.0",
|
||||
"aviat/banker": "^1.0.0",
|
||||
"aviat/ion": "^2.0.0",
|
||||
"aviat/ion": "^2.1.0",
|
||||
"monolog/monolog": "^1.0",
|
||||
"psr/http-message": "~1.0",
|
||||
"psr/log": "~1.0",
|
||||
|
|
@ -37,7 +37,7 @@
|
|||
"phploc/phploc": "^3.0",
|
||||
"phpmd/phpmd": "^2.4",
|
||||
"phpunit/phpunit": "^6.0",
|
||||
"robmorgan/phinx": "~0.6.4",
|
||||
"robmorgan/phinx": "^0.8.0",
|
||||
"consolidation/robo": "~1.0",
|
||||
"henrikbjorn/lurker": "^1.1.0",
|
||||
"symfony/var-dumper": "^3.2",
|
||||
|
|
|
|||
|
|
@ -239,6 +239,13 @@ class Controller {
|
|||
*/
|
||||
protected function renderFullPage($view, string $template, array $data)
|
||||
{
|
||||
$csp = [
|
||||
"default-src 'self'",
|
||||
"object-src 'none'",
|
||||
"child-src 'none'",
|
||||
];
|
||||
|
||||
$view->addHeader('Content-Security-Policy', implode('; ', $csp));
|
||||
$view->appendOutput($this->loadPartial($view, 'header', $data));
|
||||
|
||||
if (array_key_exists('message', $data) && is_array($data['message']))
|
||||
|
|
|
|||
Loading…
Reference in New Issue