homelab/speedtest-tracker
1
0
Fork 0
mirror of https://github.com/alexjustesen/speedtest-tracker.git synced 2026-06-23 06:50:09 +00:00
Code Issues Actions Packages Projects Releases Wiki Activity

[Bug] Removed embeddable public dashboard (#1025)

Browse Source
This commit is contained in:
Alex Justesen
2023-12-28 10:28:02 -05:00
committed by GitHub
parent bfe86ebf4d
commit 08fda86c99
6 changed files with 0 additions and 61 deletions
Download Patch File Download Diff File Expand all files Collapse all files
.env.example
-2
View File
@@ -4,8 +4,6 @@ APP_KEY=
APP_DEBUG=false
APP_URL=http://localhost
ALLOW_EMBEDS=
FORCE_HTTPS=false
CONTENT_WIDTH=7xl
app/Http/Kernel.php
-2
View File
@@ -64,7 +64,5 @@ class Kernel extends HttpKernel
'signed' => \App\Http\Middleware\ValidateSignature::class,
'throttle' => \Illuminate\Routing\Middleware\ThrottleRequests::class,
'verified' => \Illuminate\Auth\Middleware\EnsureEmailIsVerified::class,
'x-frame-allow' => \App\Http\Middleware\FrameAllowOptions::class,
];
}
app/Http/Middleware/FrameAllowOptions.php
-26
View File
@@ -1,26 +0,0 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Request;
use Symfony\Component\HttpFoundation\Response;
class FrameAllowOptions
{
/**
* Handle an incoming request.
*
* @param \Closure(\Illuminate\Http\Request): (\Symfony\Component\HttpFoundation\Response) $next
*/
public function handle(Request $request, Closure $next): Response
{
$response = $next($request);
if (! blank(config('speedtest.allow_embeds'))) {
$response->headers->set('X-Frame-Options', 'ALLOW-FROM '.config('speedtest.allow_embeds'));
}
return $response;
}
}
config/speedtest.php
-5
View File
@@ -23,9 +23,4 @@ return [
'notification_polling' => env('NOTIFICATION_POLLING', '60s'),
'results_polling' => env('RESULTS_POLLING', null),
/**
* Security
*/
'allow_embeds' => env('ALLOW_EMBEDS', null),
];
docker/deploy/etc/nginx/server-opts.d/security.conf
-25
View File
@@ -1,25 +0,0 @@
#
# Security Headers
#
# Prevent IFRAME spoofing attacks
# Disabled for Speedtest Tracked to be embedded.
# add_header X-Frame-Options "SAMEORIGIN" always;
# Prevent MIME attacks
add_header X-Content-Type-Options "nosniff" always;
# Prevent Referrer URL from being leaked
add_header Referrer-Policy "no-referrer-when-downgrade" always;
# Configure Content Security Policy
# UPDATE - September 2020: Commenting this out until we grasp better security requirements
#add_header Content-Security-Policy "default-src 'self' http: https: data: blob: 'unsafe-inline'" always;
# Enable HSTS
add_header Strict-Transport-Security "max-age=31536000; includeSubDomains" always;
# Prevent access to . files (excent the well-known directory)
location ~ /\.(?!well-known) {
deny all;
}
routes/web.php
-1
View File
@@ -15,7 +15,6 @@ use Illuminate\Support\Facades\Route;
*/
Route::get('/', HomeController::class)
->middleware('x-frame-allow')
->name('home');
Route::redirect('/login', '/admin/login')