saulteafarmer/castopod
1
0
Fork 0
mirror of https://code.castopod.org/adaures/castopod synced 2025-05-14 18:25:46 +00:00
Code Issues Packages Projects Releases Wiki Activity
castopod/app/Config/ContentSecurityPolicy.php
Yassine Doghri 2f525c0f6e feat(fediverse): implement activitypub protocols + update user interface 
- add "ActivityPub" library to handle server to server federation and basic
  client to server protocols using activitypub:
  - add webfinger endpoint to look for actor
  - add actor definition with inbox / outbox / followers
  - remote follow an actor
  - create notes with possible preview cards
  - interract with favourites, reblogs and replies
  - block incoming actors and/or domains
  - broadcast/schedule activities to fediverse followers using a cron task
- For castopod, the podcast is the actor:
  - overwrite the activitypub library for castopod's specific needs
  - perform basic interactions administrating a podcast to interact with fediverse users:
    - create notes with episode attachment
    - favourite and share a note + reply
    - add specific castopod_namespaces for podcasts and episodes definitions
- overwrite CodeIgniter's Route service to include alternate-content option for
  activitystream requests
- update episode publication logic:
  - remove publication inputs in create / edit episode form
  - publish / schedule or unpublish an episode after creation
  - the podcaster publishes a note when publishing an episode
- Javascript / Typescript modules:
  - fix Dropdown.ts to keep dropdown menu in foreground
  - add Modal.ts for funding links modal
  - add Toggler.ts to toggle various css states in ui
- User Interface:
  - update tailwindcss to v2
  - use castopod's pine and rose colors
  - update public layout to a 3 column layout
  - add pages in public for podcast activity, episode list and notes
  - update episode page to include linked notes
  - remove previous and next episodes from episode pages
  - show different public views depending on whether user is authenticated or not
  - use Kumbh Sans and Montserrat fonts
- update CodeIgniter's config files
- with CodeIgniter's new requirements, update docker environments are now based on
  php v7.3 image
- move Image entity to Libraries
- update composer and npm packages to latest versions

closes #69 #65 #85, fixes #51 #91 #92 #88
2021-04-02 17:20:02 +00:00

160 lines
3.7 KiB
PHP
Raw Blame History

<?php
namespace Config;
use CodeIgniter\Config\BaseConfig;
/**
* Stores the default settings for the ContentSecurityPolicy, if you
* choose to use it. The values here will be read in and set as defaults
* for the site. If needed, they can be overridden on a page-by-page basis.
*
* Suggested reference for explanations:
*
* @see https://www.html5rocks.com/en/tutorials/security/content-security-policy/
*/
class ContentSecurityPolicy extends BaseConfig
{
//-------------------------------------------------------------------------
// Broadbrush CSP management
//-------------------------------------------------------------------------
/**
* Default CSP report context
*
* @var boolean
*/
public $reportOnly = false;
/**
* Specifies a URL where a browser will send reports
* when a content security policy is violated.
*
* @var string|null
*/
public $reportURI = null;
/**
* Instructs user agents to rewrite URL schemes, changing
* HTTP to HTTPS. This directive is for websites with
* large numbers of old URLs that need to be rewritten.
*
* @var boolean
*/
public $upgradeInsecureRequests = false;
//-------------------------------------------------------------------------
// Sources allowed
// Note: once you set a policy to 'none', it cannot be further restricted
//-------------------------------------------------------------------------
/**
* Will default to self if not overridden
*
* @var string|string[]|null
*/
public $defaultSrc = null;
/**
* Lists allowed scripts' URLs.
*
* @var string|string[]
*/
public $scriptSrc = 'self';
/**
* Lists allowed stylesheets' URLs.
*
* @var string|string[]
*/
public $styleSrc = 'self';
/**
* Defines the origins from which images can be loaded.
*
* @var string|string[]
*/
public $imageSrc = 'self';
/**
* Restricts the URLs that can appear in a page's `<base>` element.
*
* Will default to self if not overridden
*
* @var string|string[]|null
*/
public $baseURI = null;
/**
* Lists the URLs for workers and embedded frame contents
*
* @var string|string[]
*/
public $childSrc = 'self';
/**
* Limits the origins that you can connect to (via XHR,
* WebSockets, and EventSource).
*
* @var string|string[]
*/
public $connectSrc = 'self';
/**
* Specifies the origins that can serve web fonts.
*
* @var string|string[]
*/
public $fontSrc = null;
/**
* Lists valid endpoints for submission from `<form>` tags.
*
* @var string|string[]
*/
public $formAction = 'self';
/**
* Specifies the sources that can embed the current page.
* This directive applies to `<frame>`, `<iframe>`, `<embed>`,
* and `<applet>` tags. This directive can't be used in
* `<meta>` tags and applies only to non-HTML resources.
*
* @var string|string[]|null
*/
public $frameAncestors = null;
/**
* Restricts the origins allowed to deliver video and audio.
*
* @var string|string[]|null
*/
public $mediaSrc = null;
/**
* Allows control over Flash and other plugins.
*
* @var string|string[]
*/
public $objectSrc = 'self';
/**
* @var string|string[]|null
*/
public $manifestSrc = null;
/**
* Limits the kinds of plugins a page may invoke.
*
* @var string|string[]|null
*/
public $pluginTypes = null;
/**
* List of actions allowed.
*
* @var string|string[]|null
*/
public $sandbox = null;
}
Reference in New Issue View Git Blame Copy Permalink