feat: implement CSP for Bootstrap CSS files

composer.json

@@ -19,7 +19,7 @@
   "require": {
     "php": ">=8.0",
     "laminas/laminas-diagnostics": "^1.24",
-    "pimcore/pimcore": "^10.0",
+    "pimcore/pimcore": "^10.4",
     "spatie/ssl-certificate": "^2.4"
   },
   "require-dev": {

src/PimcoreMonitorBundle/Controller/Admin/HealthCheckController.php

@@ -33,7 +33,7 @@ public function health(RunnerManager $runnerManager): JsonResponse
         // Check rights
         if (!$adminUser || !$adminUser->isAdmin()) {
             Logger::error(
-                'User {user} attempted to access the system health report results, but has no permission to do so',
+                'User {user} attempted to access the system health report results, but has no permission to do so.',
                 ['user' => $adminUser->getName()]
             );
 
@@ -58,7 +58,7 @@ public function status(RunnerManager $runnerManager): Response
         // Check rights
         if (!$adminUser || !$adminUser->isAdmin()) {
             Logger::error(
-                'User {user} attempted to access the system health status page, but has no permission to do so',
+                'User {user} attempted to access the system health status page, but has no permission to do so.',
                 ['user' => $adminUser->getName()]
             );
 

src/PimcoreMonitorBundle/Resources/config/pimcore/config.yaml

@@ -0,0 +1,9 @@
+pimcore_admin:
+    admin_csp_header:
+        additional_urls:
+            style-src:
+                - 'https://cdn.jsdelivr.net/npm/[email protected]/dist/css/bootstrap.min.css'
+                - 'https://cdn.jsdelivr.net/npm/[email protected]/font/bootstrap-icons.css'
+            font-src:
+                - 'https://cdn.jsdelivr.net/npm/[email protected]/font/fonts/bootstrap-icons.woff'
+                - 'https://cdn.jsdelivr.net/npm/[email protected]/font/fonts/bootstrap-icons.woff2'