remove hashes from CSP when using log-viewer (#1861)

ildyria · web-flow · commit 88aacd72a74d · 2023-05-22T09:29:37.000+02:00
* remove hashes from CSP when using log-viewer
* push 4.9.2 sadly
diff --git a/app/Providers/AppServiceProvider.php b/app/Providers/AppServiceProvider.php
@@ -120,6 +120,8 @@ public function boot()
 			// We only do that in that specific case. It is disabled by default otherwise.
 			config(['secure-headers.csp.script-src.unsafe-eval' => true]);
 			config(['secure-headers.csp.script-src.unsafe-inline' => true]);
+			config(['secure-headers.csp.script-src.unsafe-inline' => true]);
+			config(['secure-headers.csp.script-src.hashes.sha256' => []]);
 
 			// Allow to bypass when debug is ON and when env is dev
 			// At this point, it is no longer our fault if the Lychee admin have their logs publically accessible.
diff --git a/database/migrations/2023_05_21_225616_bump_version040902.php b/database/migrations/2023_05_21_225616_bump_version040902.php
@@ -0,0 +1,26 @@
+<?php
+
+use Illuminate\Database\Migrations\Migration;
+use Illuminate\Support\Facades\DB;
+
+return new class() extends Migration {
+	/**
+	 * Run the migrations.
+	 *
+	 * @return void
+	 */
+	public function up(): void
+	{
+		DB::table('configs')->where('key', 'version')->update(['value' => '040902']);
+	}
+
+	/**
+	 * Reverse the migrations.
+	 *
+	 * @return void
+	 */
+	public function down(): void
+	{
+		DB::table('configs')->where('key', 'version')->update(['value' => '040901']);
+	}
+};
diff --git a/version.md b/version.md
@@ -1 +1 @@
-4.9.1
+4.9.2
