imports: - { resource: config.yml } doctrine: orm: metadata_cache_driver: '%doctrine_cache_backend%' result_cache_driver: type: predis cache_provider: predis query_cache_driver: '%doctrine_cache_backend%' doctrine_cache: providers: predis: type: predis predis: client_id: snc_redis.cache_client monolog: handlers: main: type: fingers_crossed action_level: error handler: nested channels: ['!event'] # in sf4 excluded_http_codes: [404] excluded_404s: - ^/ nested: type: stream path: '%kernel.logs_dir%/%kernel.environment%.log' level: debug include_stacktraces: true console_debug: type: console include_stacktraces: true verbosity_levels: VERBOSITY_NORMAL: EMERGENCY VERBOSITY_VERBOSE: INFO VERBOSITY_VERY_VERBOSE: NOTICE VERBOSITY_DEBUG: DEBUG snc_redis: clients: default: type: predis alias: default dsn: '%redis_dsn%' options: profile: 2.8 cache: type: predis alias: cache dsn: '%redis_session_dsn%' options: profile: 2.8 session: client: cache ttl: 3600 framework: session: handler_id: snc_redis.session.handler cookie_secure: '%force_ssl%' nelmio_security: clickjacking: paths: '^/.*': DENY forced_ssl: enabled: '%force_ssl%' hosts: '%forced_ssl_hosts%' hsts_max_age: 31104000 # 1y csp: enabled: true report_logger_service: logger hosts: [] content_types: [] enforce: browser_adaptive: enabled: false default-src: - 'self' script-src: - 'self' - 'unsafe-inline' - 'unsafe-eval' - 'https://cdn.jsdelivr.net/' - 'https://www.google-analytics.com/' connect-src: - 'self' - '*.algolia.net' - '*.algolianet.com' img-src: - 'self' - 'https:' - 'data:' - 'http://www.google-analytics.com/' style-src: - 'self' - 'unsafe-inline' - 'https://cdn.jsdelivr.net/' - 'https://fonts.googleapis.com/' font-src: - 'self' - 'https://fonts.gstatic.com/' block-all-mixed-content: true # defaults to false, blocks HTTP content over HTTPS transport