Merge pull request #49 from sumocoders/365-csp-issues

365 CSP

Author: tijsverkoyen

.env

@@ -24,7 +24,7 @@ APP_SECRET=9947170bb921f0390a44d613fa7a3ce5
 # IMPORTANT: You MUST configure your server version, either here or in config/packages/doctrine.yaml
 #
 # DATABASE_URL="sqlite:///%kernel.project_dir%/var/data.db"
-DATABASE_URL="mysql://db_user:db_password@127.0.0.1:3306/db_name?serverVersion=5.7"
+DATABASE_URL="mysql://db_user:db_password@127.0.0.1:3306/db_name?serverVersion=8.0"
 # DATABASE_URL="postgresql://db_user:db_password@127.0.0.1:5432/db_name?serverVersion=13&charset=utf8"
 ###< doctrine/doctrine-bundle ###
 

assets/app.js

@@ -5,6 +5,12 @@ import 'tom-select/dist/css/tom-select.bootstrap5.css'
 import 'flatpickr/dist/flatpickr.css'
 import 'flatpickr/dist/themes/airbnb.css'
 
+// Fix CSP Nonce for Turbo requests
+// See: https://github.com/hotwired/turbo/issues/294#issuecomment-877842232
+document.addEventListener('turbo:before-fetch-request', (event) => {
+  event.detail.fetchOptions.headers['X-CSP-Nonce'] = document.querySelector('meta[name="csp-nonce"]').content
+})
+
 // JS
 import 'bootstrap'
 import './bootstrap.js'

composer.json

@@ -8,8 +8,9 @@
         "ext-sodium": "*",
         "beberlei/doctrineextensions": "^1.5",
         "doctrine/doctrine-migrations-bundle": "^3.3",
+        "nelmio/security-bundle": "^3.5",
         "sentry/sentry-symfony": "^5.1",
-        "sumocoders/framework-core-bundle": "^12.0",
+        "sumocoders/framework-core-bundle": "^14.0",
         "symfony/apache-pack": "^1.0.1",
         "symfony/asset-mapper": "^7.3",
         "symfony/debug-bundle": "^7.3",