]> BookStack Code Mirror - bookstack/commit
projects / bookstack / commit
? search:
summary | shortlog | log | commit | commitdiff | tree
(parent: 588fd7d)
Added iframe CSP, improved session cookie security
authorDan Brown <redacted>
Sat, 2 Jan 2021 02:43:50 +0000 (02:43 +0000)
committerDan Brown <redacted>
Sat, 2 Jan 2021 02:43:50 +0000 (02:43 +0000)
commit92922288dd55ce0f77acc83eea9068cad28dccd9
treeb36db4e207f33e5273f06113608b2015d98ecce1tree | snapshot
parent588fd7d165e3eb03fe90d9306148169548bcec40commit | diff
Added iframe CSP, improved session cookie security

Added iframe CSP headers with configuration via .env.
Updated session cookies to be lax by default, dynamically changing to
none when iframes configured to allow third-party control.
Updated cookie security to be auto-secure if a https APP_URL is set.

Related to #2427 and #2207.
.env.example.complete diff | blob | history
app/Config/app.php diff | blob | history
app/Config/session.php diff | blob | history
app/Http/Kernel.php diff | blob | history
app/Http/Middleware/ControlIframeSecurity.php [new file with mode: 0644] blob
phpunit.xml diff | blob | history
tests/SecurityHeaderTest.php [new file with mode: 0644] blob
The core source code for the BookStack project.