- Merge Config and Core File Changes 4.6.3 > 4.6.4 - Merge Config and Core File Changes 4.6.4 > 4.7.0 - Added app\Config\WorkerMode.php - Merge Config and Core File Changes Not previously merged - Added app\Config\Hostnames.php - Corrected incorrect CSS property used in invoice.php view. - Corrected unknown CSS properties used in register.php view. - Used shorthand CSS in debug.css - Corrected indentation in barcode_sheet.php view. - Corrected indentation in footer.php view. - Corrected indentation in invoice_email.php view. - Replaced obsolete attributes with CSS style attributes in barcode_sheet.php - Replaced obsolete attribute in error_exception.php - Replaced obsolete attribute in invoice_email.php - Replaced obsolete attribute in quote_email.php - Replaced obsolete attributes in work_order_email.php - Fixed indentation in system_info.php - Replaced <strong> tag outside <p> tags, which isn't allowed, with style attributes. - Simplified js return logic and indentation fixes in tax_categories.php - Simplified js return logic in tax_codes.php - Simplified js return logic in tax_jurisdictions.php - Removed unnecessary labels in manage views. - Rewrite JavaScript function and PHP to be more readable in bar.php, hbar.php, line.php and pie.php - Added type declarations, return types and an import to app\Config\Services - Updated Attribute.php parameter type - Updated Receiving_lib.php parameter type - Updated Receivings.php parameter types and updated PHPdocs - Updated tabular_helper.php parameter types and updated PHPdocs - Added type declarations and corrected PHPdocs in url_helper.php - Added return types to functions - Revert $objectSrc value in ContentSecurityPolicy.php - Correct return type in Customer->get_stats() - Correct return type in Item->get_info_by_id_or_number() - Correct misspelling in border-spacing - Added missing css style semicolons - Resolve operator precedence ambiguity. - Resolve column mismatch. - Added missing escaping in view. 
- Updated requirement for PHP 8.2 - Resolve unresolved conflicts - Added PHP 8.2 requirement to the README.md - Fixed bugs in display of UI - Fixed duplicated `>` in app\Views\Expenses\manage.php - Removed excess whitespace at the end of some lines in table_filter_persistence.php - Added missing `>` in app\Views\Expenses\manage.php - Corrected grammar in PHPdoc in table_filter_persistence.php - Remove bug causing `\` to be injected into the new giftcard value - Fix bug causing DROPDOWN Attribute Values to not save correctly - Added check for null in $normalizedItemId - Removing < PHP 8.2 from linting and tests - Update Linter to not include PHP 8.2 and 8.1 - Remove PHP 8.1 unit test cycle. - Update Bug Report Template - Update Composer files for CodeIgniter 4.7.2 - Updated INSTALL.md to reflect changes. --------- Signed-off-by: objec <objecttothis@gmail.com>
<?php
namespace Config;
use CodeIgniter\Config\BaseConfig;
/**
 * CSRF settings for the application, read by the framework's Security service.
 *
 * Only default values are declared here; nothing in this class enforces them.
 */
class Security extends BaseConfig
{
    /**
     * CSRF protection method.
     *
     * Chooses how the anti-CSRF token is carried: in a cookie or in the
     * server-side session. This file selects the session.
     *
     * @var string 'cookie' or 'session'
     */
    public string $csrfProtection = 'session';

    /**
     * CSRF token randomization.
     *
     * When true the token is randomized for added security. It is off here.
     *
     * NOTE(review): per-response token masking is the usual defence against
     * recovering a token from compressed HTTPS response bodies (BREACH-class
     * side channels). If responses are compressed, consider enabling this and
     * confirm that AJAX callers still submit a valid token.
     */
    public bool $tokenRandomize = false;

    /**
     * CSRF token name.
     *
     * Name of the request field that carries the token.
     */
    public string $tokenName = 'csrf_ospos_v4';

    /**
     * CSRF header name.
     *
     * Name of the HTTP request header that may carry the token.
     */
    public string $headerName = 'X-CSRF-TOKEN';

    /**
     * CSRF cookie name.
     *
     * Name of the cookie used for the token.
     *
     * NOTE(review): presumably only relevant when $csrfProtection is
     * 'cookie'; this file uses 'session' - confirm.
     */
    public string $cookieName = 'csrf_cookie_ospos_v4';

    /**
     * CSRF expiry.
     *
     * Lifetime of the CSRF protection cookie, in seconds (7200 = two hours).
     *
     * NOTE(review): described as a cookie lifetime; with session-based
     * protection the token presumably lives as long as the session - confirm.
     */
    public int $expires = 7200;

    /**
     * CSRF regeneration.
     *
     * When true a new token is issued on every submission. It is off here,
     * so a token stays valid across submissions.
     *
     * NOTE(review): together with $tokenRandomize = false this presumably
     * means one unchanging token value per session; likely chosen so that
     * multiple tabs and AJAX requests keep working - confirm the trade-off
     * is intended.
     */
    public bool $regenerate = false;

    /**
     * CSRF redirect.
     *
     * When true a failed CSRF check redirects to the previous page with an
     * error. Enabled only when ENVIRONMENT is exactly 'production'; in every
     * other environment the value is false.
     *
     * @see https://codeigniter4.github.io/userguide/libraries/security.html#redirection-on-failure
     */
    public bool $redirect = ENVIRONMENT === 'production';
}