castopod/app/Config/Security.php

<?php

namespace Config;

use CodeIgniter\Config\BaseConfig;

class Security extends BaseConfig
{
    /**
     * --------------------------------------------------------------------------
     * CSRF Token Name
     * --------------------------------------------------------------------------
     *
     * Token name for Cross Site Request Forgery protection cookie.
     *
     * @var string
     */
    public $tokenName = 'csrf_test_name';

    /**
     * --------------------------------------------------------------------------
     * CSRF Header Name
     * --------------------------------------------------------------------------
     *
     * Token name for Cross Site Request Forgery protection cookie.
     *
     * @var string
     */
    public $headerName = 'X-CSRF-TOKEN';

    /**
     * --------------------------------------------------------------------------
     * CSRF Cookie Name
     * --------------------------------------------------------------------------
     *
     * Cookie name for Cross Site Request Forgery protection cookie.
     *
     * @var string
     */
    public $cookieName = 'csrf_cookie_name';

    /**
     * --------------------------------------------------------------------------
     * CSRF Expires
     * --------------------------------------------------------------------------
     *
     * Expiration time for Cross Site Request Forgery protection cookie.
     *
     * Defaults to two hours (in seconds).
     *
     * @var integer
     */
    public $expires = 7200;

    /**
     * --------------------------------------------------------------------------
     * CSRF Regenerate
     * --------------------------------------------------------------------------
     *
     * Regenerate CSRF Token on every request.
     *
     * @var boolean
     */
    public $regenerate = true;

    /**
     * --------------------------------------------------------------------------
     * CSRF Redirect
     * --------------------------------------------------------------------------
     *
     * Redirect to previous page with error on failure.
     *
     * @var boolean
     */
    public $redirect = true;

    /**
     * --------------------------------------------------------------------------
     * CSRF SameSite
     * --------------------------------------------------------------------------
     *
     * Setting for CSRF SameSite cookie token.
     *
     * Allowed values are: None - Lax - Strict - ''.
     *
     * Defaults to `Lax` as recommended in this link:
     * @see https://portswigger.net/web-security/csrf/samesite-cookies
     *
     * @var string 'Lax'|'None'|'Strict'
     */
    public $samesite = 'Lax';
}
feat(fediverse): implement activitypub protocols + update user interface - add "ActivityPub" library to handle server to server federation and basic client to server protocols using activitypub: - add webfinger endpoint to look for actor - add actor definition with inbox / outbox / followers - remote follow an actor - create notes with possible preview cards - interract with favourites, reblogs and replies - block incoming actors and/or domains - broadcast/schedule activities to fediverse followers using a cron task - For castopod, the podcast is the actor: - overwrite the activitypub library for castopod's specific needs - perform basic interactions administrating a podcast to interact with fediverse users: - create notes with episode attachment - favourite and share a note + reply - add specific castopod_namespaces for podcasts and episodes definitions - overwrite CodeIgniter's Route service to include alternate-content option for activitystream requests - update episode publication logic: - remove publication inputs in create / edit episode form - publish / schedule or unpublish an episode after creation - the podcaster publishes a note when publishing an episode - Javascript / Typescript modules: - fix Dropdown.ts to keep dropdown menu in foreground - add Modal.ts for funding links modal - add Toggler.ts to toggle various css states in ui - User Interface: - update tailwindcss to v2 - use castopod's pine and rose colors - update public layout to a 3 column layout - add pages in public for podcast activity, episode list and notes - update episode page to include linked notes - remove previous and next episodes from episode pages - show different public views depending on whether user is authenticated or not - use Kumbh Sans and Montserrat fonts - update CodeIgniter's config files - with CodeIgniter's new requirements, update docker environments are now based on php v7.3 image - move Image entity to Libraries - update composer and npm packages to latest versions closes #69 #65 #85, fixes #51 #91 #92 #88 2021-04-02 17:20:02 +00:00			`<?php`

			`namespace Config;`

			`use CodeIgniter\Config\BaseConfig;`

			`class Security extends BaseConfig`
			`{`
			`/**`
			`* --------------------------------------------------------------------------`
			`* CSRF Token Name`
			`* --------------------------------------------------------------------------`
			`*`
			`* Token name for Cross Site Request Forgery protection cookie.`
			`*`
			`* @var string`
			`*/`
			`public $tokenName = 'csrf_test_name';`

			`/**`
			`* --------------------------------------------------------------------------`
			`* CSRF Header Name`
			`* --------------------------------------------------------------------------`
			`*`
			`* Token name for Cross Site Request Forgery protection cookie.`
			`*`
			`* @var string`
			`*/`
			`public $headerName = 'X-CSRF-TOKEN';`

			`/**`
			`* --------------------------------------------------------------------------`
			`* CSRF Cookie Name`
			`* --------------------------------------------------------------------------`
			`*`
			`* Cookie name for Cross Site Request Forgery protection cookie.`
			`*`
			`* @var string`
			`*/`
			`public $cookieName = 'csrf_cookie_name';`

			`/**`
			`* --------------------------------------------------------------------------`
			`* CSRF Expires`
			`* --------------------------------------------------------------------------`
			`*`
			`* Expiration time for Cross Site Request Forgery protection cookie.`
			`*`
			`* Defaults to two hours (in seconds).`
			`*`
			`* @var integer`
			`*/`
			`public $expires = 7200;`

			`/**`
			`* --------------------------------------------------------------------------`
			`* CSRF Regenerate`
			`* --------------------------------------------------------------------------`
			`*`
			`* Regenerate CSRF Token on every request.`
			`*`
			`* @var boolean`
			`*/`
			`public $regenerate = true;`

			`/**`
			`* --------------------------------------------------------------------------`
			`* CSRF Redirect`
			`* --------------------------------------------------------------------------`
			`*`
			`* Redirect to previous page with error on failure.`
			`*`
			`* @var boolean`
			`*/`
			`public $redirect = true;`

			`/**`
			`* --------------------------------------------------------------------------`
			`* CSRF SameSite`
			`* --------------------------------------------------------------------------`
			`*`
			`* Setting for CSRF SameSite cookie token.`
			`*`
			`* Allowed values are: None - Lax - Strict - ''.`
			`*`
			* Defaults to `Lax` as recommended in this link:
			`* @see https://portswigger.net/web-security/csrf/samesite-cookies`
			`*`
			`* @var string 'Lax'\|'None'\|'Strict'`
			`*/`
			`public $samesite = 'Lax';`
			`}`