fix: replace malicious polyfill cdn (#347)

code4romania · Jun 28, 2024 · 52be305 · 52be305
1 parent f20751c
commit 52be305
Show file tree

Hide file tree

Showing 2 changed files with 4 additions and 4 deletions.
diff --git a/app/Http/Middleware/SecurityHeaders.php b/app/Http/Middleware/SecurityHeaders.php
@@ -31,9 +31,9 @@ public function handle($request, Closure $next)
             if (app()->environment(['production', 'development'])) {
                 $response->headers->add(
                     [
-                        'Content-Security-Policy' => "default-src fonts.googleapis.com *.amazonaws.com *.google.com www.googletagmanager.com www.google-analytics.com impreunapentrusanatate.ro dev.impreunapentrusanatate.ro; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com www.googletagmanager.com *.google-analytics.com www.gstatic.com polyfill.io maps.googleapis.com cdn.jsdelivr.net cdn.tiny.cloud cdnjs.cloudflare.com; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.tiny.cloud; img-src 'self' data: *.amazonaws.com maps.googleapis.com maps.gstatic.com sp.tinymce.com *.google-analytics.com; frame-src 'self' *.google.com www.googletagmanager.com www.google-analytics.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com;",
-                        'X-Content-Security-Policy' => "default-src fonts.googleapis.com *.amazonaws.com *.google.com www.googletagmanager.com www.google-analytics.com impreunapentrusanatate.ro dev.impreunapentrusanatate.ro; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com www.googletagmanager.com *.google-analytics.com www.gstatic.com polyfill.io maps.googleapis.com cdn.jsdelivr.net cdn.tiny.cloud cdnjs.cloudflare.com; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.tiny.cloud; img-src 'self' data: *.amazonaws.com maps.googleapis.com maps.gstatic.com sp.tinymce.com *.google-analytics.com; frame-src 'self' *.google.com www.googletagmanager.com www.google-analytics.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com",
-                        'X-WebKit-CSP' => "default-src fonts.googleapis.com *.amazonaws.com *.google.com www.googletagmanager.com www.google-analytics.com helpforhealth.local impreunapentrusanatate.ro dev.impreunapentrusanatate.ro; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com www.googletagmanager.com *.google-analytics.com www.gstatic.com polyfill.io maps.googleapis.com cdn.jsdelivr.net cdn.tiny.cloud cdnjs.cloudflare.com; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.tiny.cloud; img-src 'self' data: *.amazonaws.com maps.googleapis.com maps.gstatic.com sp.tinymce.com *.google-analytics.com; frame-src 'self' *.google.com www.googletagmanager.com www.google-analytics.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com"
+                        'Content-Security-Policy' => "default-src fonts.googleapis.com *.amazonaws.com *.google.com www.googletagmanager.com www.google-analytics.com impreunapentrusanatate.ro dev.impreunapentrusanatate.ro; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com www.googletagmanager.com *.google-analytics.com www.gstatic.com maps.googleapis.com cdn.jsdelivr.net cdn.tiny.cloud cdnjs.cloudflare.com; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.tiny.cloud; img-src 'self' data: *.amazonaws.com maps.googleapis.com maps.gstatic.com sp.tinymce.com *.google-analytics.com; frame-src 'self' *.google.com www.googletagmanager.com www.google-analytics.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com;",
+                        'X-Content-Security-Policy' => "default-src fonts.googleapis.com *.amazonaws.com *.google.com www.googletagmanager.com www.google-analytics.com impreunapentrusanatate.ro dev.impreunapentrusanatate.ro; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com www.googletagmanager.com *.google-analytics.com www.gstatic.com maps.googleapis.com cdn.jsdelivr.net cdn.tiny.cloud cdnjs.cloudflare.com; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.tiny.cloud; img-src 'self' data: *.amazonaws.com maps.googleapis.com maps.gstatic.com sp.tinymce.com *.google-analytics.com; frame-src 'self' *.google.com www.googletagmanager.com www.google-analytics.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com",
+                        'X-WebKit-CSP' => "default-src fonts.googleapis.com *.amazonaws.com *.google.com www.googletagmanager.com www.google-analytics.com helpforhealth.local impreunapentrusanatate.ro dev.impreunapentrusanatate.ro; script-src 'self' 'unsafe-inline' 'unsafe-eval' *.google.com www.googletagmanager.com *.google-analytics.com www.gstatic.com maps.googleapis.com cdn.jsdelivr.net cdn.tiny.cloud cdnjs.cloudflare.com; object-src 'none'; style-src 'self' 'unsafe-inline' fonts.googleapis.com cdnjs.cloudflare.com cdn.tiny.cloud; img-src 'self' data: *.amazonaws.com maps.googleapis.com maps.gstatic.com sp.tinymce.com *.google-analytics.com; frame-src 'self' *.google.com www.googletagmanager.com www.google-analytics.com; font-src 'self' fonts.googleapis.com fonts.gstatic.com"
                     ]
                 );
             }

diff --git a/resources/views/frontend/clinic-details.blade.php b/resources/views/frontend/clinic-details.blade.php
@@ -161,7 +161,7 @@
 @endsection
 
 @section('head-scripts')
-    <script src="https://polyfill.io/v3/polyfill.min.js?features=default"></script>
+    <script src="https://cdnjs.cloudflare.com/polyfill/v3/polyfill.min.js?features=default"></script>
     <script
         src="https://maps.googleapis.com/maps/api/js?key={{ config('maps.api_key') }}&callback=initMap&libraries=&v=weekly"
         defer