mirror of
https://github.com/BookStackApp/BookStack.git
synced 2025-11-01 14:51:10 +03:00
92922288dd
Added iframe CSP headers with configuration via .env. Updated session cookies to be lax by default, dynamically changing to none when iframes configured to allow third-party control. Updated cookie security to be auto-secure if a https APP_URL is set. Related to #2427 and #2207.