7f59024bef
- Remove User::$guarded = [] to prevent mass assignment attacks - Enable SQL strict mode and disable emulated prepares (SQL injection prevention) - Switch password hashing from bcrypt to argon2id (stronger algorithm) - Enable session encryption to protect session data at rest - Restrict TrustProxies to localhost only (prevent IP spoofing) - Restrict CORS allowed_methods via env variable instead of wildcard - Add PayPal amount mismatch detection to prevent payment manipulation - Add double-capture prevention (idempotency check) - Add expected_amount column to transactions table for verification
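<?php

declare(strict_types=1);

/*
|--------------------------------------------------------------------------
| Cross-Origin Resource Sharing (CORS) Configuration
|--------------------------------------------------------------------------
|
| Here you may configure your settings for cross-origin resource sharing
| or "CORS". This determines what cross-origin operations may execute
| in web browsers. You are free to adjust these settings as needed.
|
| To learn more: https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS
|
*/

/**
 * Split a comma-separated environment value into a trimmed list of entries.
 *
 * Blank entries are dropped so that "" or "GET, ,POST" never produce an empty
 * method or origin, and array_values() re-indexes the result so the config
 * holds a proper list rather than a key-gapped array. Used for both the
 * methods and the origins below so the two are parsed identically.
 *
 * @return list<string>
 */
$csvList = static fn (string $raw): array => array_values(array_filter(
    array_map(trim(...), explode(',', $raw)),
    static fn (string $entry): bool => $entry !== '',
));

return [
    'paths' => ['api/*', 'sanctum/csrf-cookie'],

    // Read from the environment so the method list is an explicit, per-deployment
    // choice instead of a wildcard; the default covers the usual REST verbs plus OPTIONS.
    'allowed_methods' => $csvList((string) env('CORS_ALLOWED_METHODS', 'GET,POST,PUT,PATCH,DELETE,OPTIONS')),

    // Defaults to an empty list (no cross-origin caller is allowed) until
    // CORS_ALLOWED_ORIGINS is set. Because 'supports_credentials' is true below,
    // keep this an explicit origin list: a '*' entry here would, with the usual
    // CORS middleware handling, echo any requesting origin back on credentialed
    // requests and effectively allow every site — use 'allowed_origins_patterns'
    // for anything broader than a fixed list.
    'allowed_origins' => $csvList((string) env('CORS_ALLOWED_ORIGINS', '')),

    'allowed_origins_patterns' => [],

    'allowed_headers' => ['*'],

    'exposed_headers' => [],

    // 0 asks browsers not to cache preflight responses, so each cross-origin
    // request is re-validated against this configuration.
    'max_age' => 0,

    // Cookies / Authorization headers are only sent cross-origin for origins
    // that match the list above.
    'supports_credentials' => true,
];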