Comments (2)
@ziadoz If it helps, this is the CSP I'm using for Pulse.
report-uri ... ;
default-src 'none' ;
connect-src 'self' ;
font-src 'self' https://fonts.bunny.net/figtree/files/ ;
frame-src 'none' ;
img-src 'self' data: https://gravatar.com/avatar/ https://unavatar.io/ ;
manifest-src 'self' ;
script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval' ;
style-src 'self' 'unsafe-inline' https://fonts.bunny.net/css ;
form-action 'self' ;
frame-ancestors 'none'
I had to configure a standalone CSP for /pulse because it requires unsafe-inline and I was using nonces in my app.
from pulse.
@valorin Cheers, that really helps me out!
I closed the ticket because I realised I could attach my own policy to the Pulse route, I just needed to poke around and write all the directives.
I translated what you wrote into a Spatie CSP policy and it all works perfectly (thanks again):
<?php

namespace App\Csp\Policies;

use Illuminate\Http\Request;
use Illuminate\Support\Facades\Vite;
use Spatie\Csp\Directive;
use Spatie\Csp\Keyword;
use Spatie\Csp\Policies\Basic;
use Symfony\Component\HttpFoundation\Response;

class LaravelPulsePolicy extends Basic
{
    public function configure(): void
    {
        $this
            ->addDirective(Directive::DEFAULT, Keyword::NONE)
            ->addDirective(Directive::CONNECT, Keyword::SELF)
            ->addDirective(Directive::FONT, [Keyword::SELF, 'https://fonts.bunny.net/figtree/files/'])
            ->addDirective(Directive::FRAME, Keyword::NONE)
            ->addDirective(Directive::IMG, [Keyword::SELF, 'data: https://gravatar.com/avatar/ https://unavatar.io/'])
            ->addDirective(Directive::MANIFEST, Keyword::SELF)
            ->addDirective(Directive::SCRIPT, [Keyword::SELF, Keyword::UNSAFE_INLINE, Keyword::UNSAFE_EVAL])
            ->addDirective(Directive::STYLE, [Keyword::SELF, Keyword::UNSAFE_INLINE, 'https://fonts.bunny.net/css'])
            ->addDirective(Directive::FORM_ACTION, Keyword::SELF)
            ->addDirective(Directive::FRAME_ANCESTORS, Keyword::NONE);
    }
}
Then just hook it up in the config/pulse.php file:

    'middleware' => [
        'web',
        Authorize::class,
        Spatie\Csp\AddCspHeaders::class . ':' . App\Csp\Policies\LaravelPulsePolicy::class,
    ],
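Why the Pulse route needs its own policy instead of extra keywords on a nonce-based one, as an added example that is not part of the thread, Pulse or spatie/laravel-csp: browsers ignore 'unsafe-inline' in a source list that also carries a nonce or hash. The function names and the merged sample policy are constructed for illustration.

```javascript
// Added example: models how a CSP Level 3 browser treats inline <script> and eval().
// Simplification: script-src-elem / script-src-attr are not considered.

// Parse a CSP header value into a Map of directive name -> source expressions.
function parseCsp(header) {
  const policy = new Map();
  for (const part of header.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/).filter(Boolean);
    // A repeated directive is ignored by browsers: the first occurrence wins.
    if (name && !policy.has(name.toLowerCase())) {
      policy.set(name.toLowerCase(), sources);
    }
  }
  return policy;
}

const NONCE_OR_HASH = /^'(nonce|sha256|sha384|sha512)-[A-Za-z0-9+\/_-]+={0,2}'$/i;

function scriptPosture(header) {
  const policy = parseCsp(header);
  // script-src falls back to default-src when it is absent.
  const sources = policy.get('script-src') ?? policy.get('default-src');
  if (sources === undefined) {
    return { inlineAllowed: true, evalAllowed: true, unsafeInlineIgnored: false };
  }
  const keywords = sources.map((s) => s.toLowerCase());
  const wantsInline = keywords.includes("'unsafe-inline'");
  // A nonce, hash or 'strict-dynamic' makes the browser ignore 'unsafe-inline'.
  const overridden = keywords.includes("'strict-dynamic'")
    || sources.some((s) => NONCE_OR_HASH.test(s));
  return {
    inlineAllowed: wantsInline && !overridden,
    evalAllowed: keywords.includes("'unsafe-eval'"),
    unsafeInlineIgnored: wantsInline && overridden,
  };
}

// The Pulse policy from the thread (report-uri left out, its value is elided there).
const PULSE_CSP = "default-src 'none'; connect-src 'self'; "
  + "script-src 'report-sample' 'self' 'unsafe-inline' 'unsafe-eval'; "
  + "style-src 'self' 'unsafe-inline' https://fonts.bunny.net/css; frame-ancestors 'none'";
// Constructed sample: a nonce-based app policy with Pulse's keywords appended to it.
const MERGED_CSP = "default-src 'self'; "
  + "script-src 'self' 'nonce-Y29uc3RydWN0ZWQ=' 'unsafe-inline' 'unsafe-eval'";

console.log('pulse :', scriptPosture(PULSE_CSP));
console.log('merged:', scriptPosture(MERGED_CSP));
```

Because the relaxed policy is attached only through the Pulse middleware list, 'unsafe-inline' and 'unsafe-eval' stay confined to the dashboard route and the nonce-based policy on the rest of the app is unchanged.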