7 Commits

Author	SHA1	Message	Date
Dan Brown	f77236aa38	Laravel 7.x Shift (#3011) ... * Apply Laravel coding style * Shift bindings * Shift core files * Shift to Throwable * Add laravel/ui dependency * Shift Eloquent methods * Shift config files * Shift Laravel dependencies * Shift cleanup * Shift test config and references * Applied styleci changes * Applied fixes post shift to laravel 7 Co-authored-by: Shift <shift@laravelshift.com>	2021-10-26 22:04:18 +01:00
Dan Brown	41ac69adb1	Forced response cache revalidation on logged-in responses ... - Prevents authenticated responses being visible when back button pressed in browser. - Previously, 'no-cache, private' was added by default by Symfony which would have prevents proxy cache issues but this adds no-store and a max-age option to also invalidate all caching. Thanks to @haxatron via huntr.dev Ref: https://huntr.dev/bounties/6cda9df9-4987-4e1c-b48f-855b6901ef53/	2021-10-08 15:22:09 +01:00
Dan Brown	fb80bb5d58	Applied latest styleci changes	2021-09-06 22:19:06 +01:00
Dan Brown	492af79c27	Added a couple of additional CSP rules ... As per guidance from google's CSP evaluator.	2021-09-04 14:34:43 +01:00
Dan Brown	253f386f00	Finished off script CSP rules ... - Added caching for custom html head parsing to add nonce. - Also moved api docs page into web routes to prevent issues.	2021-09-04 13:57:04 +01:00
Dan Brown	934a833818	Apply fixes from StyleCI	2021-06-26 15:23:15 +00:00
Dan Brown	92922288dd	Added iframe CSP, improved session cookie security ... Added iframe CSP headers with configuration via .env. Updated session cookies to be lax by default, dynamically changing to none when iframes configured to allow third-party control. Updated cookie security to be auto-secure if a https APP_URL is set. Related to #2427 and #2207.	2021-01-02 02:43:50 +00:00