The main security concerns of this module are its externally exposed forms, which allow outsiders to exercise their rights under the GDPR or to report a data breach. These forms are available at the following links:

| Submodule | URL |
|---|---|
| Data subject requests | <backend-url>/exercicio-de-direitos |
| Data breaches | <backend-url>/violacao-de-dados |
When working on these forms in development, be aware that they use the Laravel Caffeine package. This package keeps the form alive so it can stay open indefinitely without its session expiring (an expired form results in an HTTP 419 response from the Laravel framework).
Since a local environment will not use HTTPS for its requests, the following .env setting is required for the forms to work properly:

```dotenv
SESSION_SECURE_COOKIE=false
```
You can place this variable alongside the following ones, for example:

```dotenv
BROADCAST_DRIVER=redis
CACHE_DRIVER=redis
QUEUE_CONNECTION=redis
SESSION_DRIVER=redis
SESSION_LIFETIME=120
```
Note: never use this setting in a production environment (it allows the session cookie to be sent over plain HTTP).
Going into production, it is absolutely crucial that the Google reCAPTCHA service is configured and enabled, especially given the context of this module: two forms like these, open to the public, would be neither secure nor reliable if any bot could flood them with requests.
This configuration must be made in the client's .env file, following the example given in .env.example:

```dotenv
NOCAPTCHA_SUPPORTED=true
NOCAPTCHA_SITEKEY="<google-reCaptcha-key>"
NOCAPTCHA_SECRET="<google-reCaptcha-secret>"
```
If the client is hosted by WeMake, the site key and secret should be generated with our account (talk with JFM); otherwise the client must be made aware of this feature and must generate and maintain their own credentials.
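As an added pre-deploy check (example code, not part of the module or of Laravel Caffeine), the following POSIX shell script reads a .env file and fails when the local-only SESSION_SECURE_COOKIE=false setting is still present, or when NoCaptcha is disabled or still carries the placeholder values copied from .env.example. The two sample .env files it creates are constructed here with fake values.

```shell
#!/bin/sh
# Pre-deploy lint for the GDPR forms' .env (added example, not the project's own code).
# Flags the local-only SESSION_SECURE_COOKIE=false and a disabled or placeholder NoCaptcha setup.

# get_var FILE KEY: last value of KEY in FILE, with surrounding double quotes stripped
get_var() {
    grep -E "^${2}=" "$1" | tail -n 1 | cut -d= -f2- | sed -e 's/^"//' -e 's/"$//'
}

# check_env FILE: returns 0 when the file is production-safe, 1 otherwise (one FAIL line per problem)
check_env() {
    env_file="$1"
    status=0
    if [ "$(get_var "$env_file" SESSION_SECURE_COOKIE)" = "false" ]; then
        echo "FAIL: SESSION_SECURE_COOKIE=false is local-only; production must send the session cookie over HTTPS only"
        status=1
    fi
    if [ "$(get_var "$env_file" NOCAPTCHA_SUPPORTED)" != "true" ]; then
        echo "FAIL: NOCAPTCHA_SUPPORTED must be true so the public forms are protected by reCAPTCHA"
        status=1
    fi
    for key in NOCAPTCHA_SITEKEY NOCAPTCHA_SECRET; do
        value="$(get_var "$env_file" "$key")"
        case "$value" in
            ''|'<'*'>') echo "FAIL: $key is empty or still the .env.example placeholder"; status=1 ;;
        esac
    done
    return $status
}

# Constructed samples (fake values): a developer's local .env and a hardened production .env
LOCAL_ENV="$(mktemp)"
cat > "$LOCAL_ENV" <<'EOF'
SESSION_SECURE_COOKIE=false
NOCAPTCHA_SUPPORTED=true
NOCAPTCHA_SITEKEY="<google-reCaptcha-key>"
NOCAPTCHA_SECRET="<google-reCaptcha-secret>"
EOF
PROD_ENV="$(mktemp)"
cat > "$PROD_ENV" <<'EOF'
SESSION_SECURE_COOKIE=true
NOCAPTCHA_SUPPORTED=true
NOCAPTCHA_SITEKEY="EXAMPLE-SITE-KEY-0000000000000000"
NOCAPTCHA_SECRET="EXAMPLE-SECRET-000000000000000000"
EOF

check_env "$LOCAL_ENV" || echo "local .env rejected, as expected"
check_env "$PROD_ENV" && echo "production .env passed"
```

Run it against the .env that is about to be deployed (for example as a CI step) and treat a non-zero exit as a blocking failure.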