From 2da13af04c7407247364b800fcd61e22010bb4eb Mon Sep 17 00:00:00 2001
From: Yasen Pramatarov
Date: Mon, 17 Feb 2025 18:51:39 +0200
Subject: [PATCH] Bugfixes
---
 app/helpers/security.php | 2 +-
 app/includes/security_headers_middleware.php | 4 ++--
 2 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/app/helpers/security.php b/app/helpers/security.php
index 4c06b09..39035e4 100644
--- a/app/helpers/security.php
+++ b/app/helpers/security.php
@@ -17,7 +17,7 @@ class SecurityHelper {
 public static function getInstance() {
 if (self::$instance === null) {
- self::$instance = new Security();
+ self::$instance = new SecurityHelper();
 }
 return self::$instance;
 }
diff --git a/app/includes/security_headers_middleware.php b/app/includes/security_headers_middleware.php
index c923d5e..329921c 100644
--- a/app/includes/security_headers_middleware.php
+++ b/app/includes/security_headers_middleware.php
@@ -32,9 +32,9 @@ if (isset($_SERVER['HTTPS']) && $_SERVER['HTTPS'] === 'on') {
 $csp = [
 "default-src 'self'",
 "script-src 'self' 'unsafe-inline' 'unsafe-eval'", // Required for Bootstrap and jQuery
- "style-src 'self' 'unsafe-inline'", // Required for Bootstrap
+ "style-src 'self' 'unsafe-inline' https://use.fontawesome.com", // Allow FontAwesome CSS
 "img-src 'self' data:", // Allow data: URLs for images
- "font-src 'self'",
+ "font-src 'self' https://use.fontawesome.com", // Allow FontAwesome fonts
 "connect-src 'self'",
 "frame-ancestors 'none'", // Equivalent to X-Frame-Options: DENY
 "form-action 'self'",
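Review bot: In app/helpers/security.php, `new SecurityHelper()` still spells the class name out inside its own singleton accessor, which is the pattern that allowed the `new Security()` mismatch this commit corrects. `self::$instance = new self();` stays correct if the class is renamed again. getInstance() also declares no return type; `public static function getInstance(): self` would document the contract and make a wrong instance type fail loudly. The rest of the class lies outside the hunk.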
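Review bot: In app/includes/security_headers_middleware.php the rewritten comment on the `style-src` line no longer explains why `'unsafe-inline'` is allowed, because the old "Required for Bootstrap" rationale was replaced rather than extended. A comment such as `// 'unsafe-inline' required for Bootstrap; use.fontawesome.com serves the FontAwesome CSS` keeps both reasons. Allowing the whole `https://use.fontawesome.com` host in `style-src` and `font-src` trusts every stylesheet and font on that origin. The `<link>` tag that loads it is not visible here; it should carry `integrity` and `crossorigin="anonymous"`, or the assets could be self-hosted so both directives stay at `'self'`. The `$csp` array continues past the end of the hunk.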