Content Security Policy (CSP) Improvements.

This commit is contained in:
2026-06-20 22:52:21 +02:00
parent e96d6b9a70
commit 229d2b4a15
35 changed files with 167 additions and 354 deletions

View File

@@ -18,10 +18,10 @@ require_once "{$_SERVER['DOCUMENT_ROOT']}/api/classes/API_apitoken.php";
# JS Scripts to load for this page
$jsScriptLoadData['enableButtonOnImageUpload'] = true;
$jsScriptLoadData['delete_confirmation'] = true;
$jsScriptLoadData['CopyTargetData'] = true;
$jsScriptLoadData['updateToggle'] = true;
$jsScriptLoadData['/src/js/sentri/enableButtonOnImageUpload.js'] = true;
$jsScriptLoadData['/src/js/sentri/delete_confirmation.js'] = true;
$jsScriptLoadData['/src/js/sentri/CopyTargetData.js'] = true;
$jsScriptLoadData['/src/js/sentri/updateToggle.js'] = true;
# PageClasses Setup
$pageNavbar = new pageNavbar(false, '<i class="fa-solid fa-address-card"></i> ' . $_SESSION['user']['user_full_name'] . ' ' . strtolower(__('user_profile')));
@@ -207,19 +207,19 @@ if ($user_data) { ?>
<h4><?php echo __('user_management') ?></h4>
</div>
<div class="card-body">
<div id="mfa-enabled-row" class="row" style="display: <?php echo(($_SESSION['user']['user_two_factor_enabled'] == 1) ? '' : 'none') ?>">
<div id="mfa-enabled-row" class="row <?= ($_SESSION['user']['user_two_factor_enabled'] ? '' : 'd-none') ?>">
<div class="col-auto">
<a href="#" class="btn btn-danger delete-btn" data-item-uuid="<?php echo $user_uuid ?>" data-api-url="/api/v1/user/mfa/" data-delete-action='{"mfa-enabled-row":"hide", "mfa-disabled-row":"show"}' data-item-name='user_uuid'>
<i class="fa-solid fa-lock"></i> <?php echo __('reset_mfa') ?>
<a href="#" class="btn btn-danger delete-btn" data-item-uuid="<?= $user_uuid ?>" data-api-url="/api/v1/user/mfa/" data-item-name="user_uuid" data-delete-action='{"mfa-enabled-row":"hide", "mfa-disabled-row":"show"}'>
<i class="fa-solid fa-lock"></i> <?= __('reset_mfa') ?>
</a>
</div>
</div>
<div id="mfa-disabled-row" class="row" style="display: <?php echo(($_SESSION['user']['user_two_factor_enabled'] == 1) ? 'none' : '') ?>">
<div id="mfa-disabled-row" class="row <?= ($_SESSION['user']['user_two_factor_enabled'] ? 'd-none' : '') ?>">
<div class="col-auto">
<a class="btn btn-primary" href="/login/mfaSetup.php">
<i class="fa-solid fa-lock"></i> <?php echo __('set_mfa') ?>
</a>
<button class="btn btn-danger delete-btn" disabled>
<i class="fa-solid fa-lock"></i> <?= __('reset_mfa') ?>
</button>
</div>
</div>
@@ -299,9 +299,9 @@ if ($user_data) { ?>
<tbody>
<?php foreach ($apitokens as $token_data) { ?>
<tr>
<td class="text-nowrap" style="max-width: 100%;">
<div class="d-flex align-items-center gap-2" style="max-width: 100%;">
<div class="text-truncate" style="max-width: 200px;" id="<?php echo $token_data['api_token_uuid'] ?>" data-copy-data="<?php echo $token_data['api_token_uuid']; ?>">
<td class="text-nowrap w-100">
<div class="d-flex align-items-center gap-2 w-100">
<div class="text-truncate" id="<?php echo $token_data['api_token_uuid'] ?>" data-copy-data="<?php echo $token_data['api_token_uuid']; ?>">
<?php echo $token_data['api_token_uuid']; ?>
</div>
<button type="button" class="btn btn-sm btn-outline-secondary" data-copy-target="<?php echo $token_data['api_token_uuid'] ?>" title="Copy ID">