codebar-ag · StanBarrows · Apr 10, 2025 · Apr 10, 2025 · Apr 10, 2025 · Apr 10, 2025
diff --git a/app/Enums/EnvironmentEnum.php b/app/Enums/EnvironmentEnum.php
@@ -2,9 +2,7 @@
 
 namespace App\Enums;
 
-use Filament\Support\Contracts\HasLabel;
-
-enum EnvironmentEnum: string implements HasLabel
+enum EnvironmentEnum: string
 {
     case LOCAL = 'local';
     case STAGING = 'staging';

diff --git a/app/Enums/GuardEnum.php b/app/Enums/GuardEnum.php
@@ -2,9 +2,7 @@
 
 namespace App\Enums;
 
-use Filament\Support\Contracts\HasLabel;
-
-enum GuardEnum: string implements HasLabel
+enum GuardEnum: string
 {
     case WEB = 'web';
 

diff --git a/app/Enums/LocaleEnum.php b/app/Enums/LocaleEnum.php
@@ -2,9 +2,7 @@
 
 namespace App\Enums;
 
-use Filament\Support\Contracts\HasLabel;
-
-enum LocaleEnum: string implements HasLabel
+enum LocaleEnum: string
 {
     case DE = 'de_CH';
     case EN = 'en_CH';

diff --git a/app/Enums/RoleEnum.php b/app/Enums/RoleEnum.php
@@ -2,9 +2,7 @@
 
 namespace App\Enums;
 
-use Filament\Support\Contracts\HasLabel;
-
-enum RoleEnum: string implements HasLabel
+enum RoleEnum: string
 {
     case ADMINISTRATOR = 'administrator';
     case USER = 'user';

diff --git a/app/Enums/SessionKeyEnum.php b/app/Enums/SessionKeyEnum.php
@@ -2,9 +2,7 @@
 
 namespace App\Enums;
 
-use Filament\Support\Contracts\HasLabel;
-
-enum SessionKeyEnum: string implements HasLabel
+enum SessionKeyEnum: string
 {
     case LANGUAGE = 'language';
 

diff --git a/app/Http/Middleware/AddContentSecurityPolicyHeaders.php b/app/Http/Middleware/AddContentSecurityPolicyHeaders.php
diff --git a/app/Http/Middleware/AddReferrerPolicyMiddleware.php b/app/Http/Middleware/AddReferrerPolicyMiddleware.php
@@ -0,0 +1,20 @@
+<?php
+
+namespace App\Http\Middleware;
+
+use Closure;
+use Illuminate\Http\Request;
+use Symfony\Component\HttpFoundation\Response;
+
+class AddReferrerPolicyMiddleware
+{
+    public function handle(Request $request, Closure $next): Response
+    {
+        /** @var \Symfony\Component\HttpFoundation\Response $response */
+        $response = $next($request);
+
+        $response->headers->set('Referrer-Policy', 'strict-origin-when-cross-origin');
+
+        return $response;
+    }
+}
diff --git a/app/Security/Presets/MyCspPreset.php b/app/Security/Presets/MyCspPreset.php
@@ -13,28 +13,43 @@ public function configure(Policy $policy): void
     {
         $policy->add(Directive::BASE, Keyword::SELF);
 
-        $policy->add(Directive::CONNECT, Keyword::SELF);
         $policy->add(Directive::DEFAULT, Keyword::SELF);
-        $policy->add(Directive::FONT, Keyword::SELF);
-        $policy->add(Directive::FORM_ACTION, Keyword::SELF);
-        $policy->add(Directive::IMG, [
+
+        $policy->add(Directive::SCRIPT, [
             Keyword::SELF,
-            'data:',
+            'cdn.usefathom.com',
+            'cdn-eu.usefathom.com',
         ]);
-        $policy->add(Directive::MEDIA, Keyword::SELF);
-        $policy->add(Directive::OBJECT, Keyword::NONE);
 
-        $policy->add(Directive::SCRIPT, Keyword::SELF);
+        $policy->add(Directive::SCRIPT_ELEM, [
+            Keyword::SELF,
+            'cdn.usefathom.com',
+            'cdn-eu.usefathom.com',
+        ]);
 
         $policy->add(Directive::STYLE, [
             Keyword::SELF,
             Keyword::UNSAFE_INLINE,
         ]);
 
-        // Fathom Analytics
-        $policy->add(Directive::SCRIPT, 'cdn.usefathom.com');
-        $policy->add(Directive::CONNECT, 'cdn.usefathom.com');
-        $policy->add(Directive::SCRIPT, 'cdn-eu.usefathom.com');
-        $policy->add(Directive::CONNECT, 'cdn-eu.usefathom.com');
+        $policy->add(Directive::STYLE_ELEM, [
+            Keyword::SELF,
+            Keyword::UNSAFE_INLINE,
+        ]);
+
+        $policy->add(Directive::IMG, [
+            Keyword::SELF,
+            'data:',
+        ]);
+
+        $policy->add(Directive::FONT, Keyword::SELF);
+        $policy->add(Directive::FORM_ACTION, Keyword::SELF);
+        $policy->add(Directive::MEDIA, Keyword::SELF);
+        $policy->add(Directive::OBJECT, Keyword::NONE);
+        $policy->add(Directive::CONNECT, [
+            Keyword::SELF,
+            'cdn.usefathom.com',
+            'cdn-eu.usefathom.com',
+        ]);
     }
 }
diff --git a/bootstrap/app.php b/bootstrap/app.php
@@ -1,6 +1,6 @@
 <?php
 
-use App\Http\Middleware\AddContentSecurityPolicyHeaders;
+use App\Http\Middleware\AddReferrerPolicyMiddleware;
 use App\Http\Middleware\SetLanguage;
 use App\Providers\AppServiceProvider;
 use App\Providers\EventServiceProvider;
@@ -25,7 +25,7 @@
     ->withMiddleware(function (Middleware $middleware) {
         $middleware->web(append: [
             AddCspHeaders::class,
-            // AddContentSecurityPolicyHeaders::class,
+            AddReferrerPolicyMiddleware::class,
             AddFeaturePolicyHeaders::class,
             SetLanguage::class,
             CacheResponse::class,

diff --git a/composer.json b/composer.json
@@ -10,11 +10,9 @@
   "require": {
     "php": "^8.4",
     "codebar-ag/laravel-flysystem-cloudinary": "^v12.0.1",
-    "filament/filament": "^3.3",
     "laravel/framework": "^v12.1.1",
     "laravel/tinker": "^2.10.1",
     "league/flysystem-aws-s3-v3": "^3.28",
-    "livewire/livewire": "^3.5",
     "mazedlx/laravel-feature-policy": "^2.2",
     "sammyjo20/lasso": "3.4.0",
     "spatie/laravel-csp": "^3.8",
@@ -38,7 +36,6 @@
     "pestphp/pest-plugin-arch": "^3.0",
     "pestphp/pest-plugin-faker": "^3.0",
     "pestphp/pest-plugin-laravel": "^3.1",
-    "pestphp/pest-plugin-livewire": "^3.1",
     "pestphp/pest-plugin-type-coverage": "^3.3",
     "phpstan/extension-installer": "^1.4.3",
     "phpstan/phpstan": "2.1.6",