Merge branch 'feature/csp_mastofe-dev' into 'develop'
Add CSP for mastofe development, remove secure-cookies in MIX_ENV=dev See merge request pleroma/pleroma!820
This commit is contained in:
commit
0534463cef
2 changed files with 19 additions and 3 deletions
|
@ -16,7 +16,8 @@
|
||||||
debug_errors: true,
|
debug_errors: true,
|
||||||
code_reloader: true,
|
code_reloader: true,
|
||||||
check_origin: false,
|
check_origin: false,
|
||||||
watchers: []
|
watchers: [],
|
||||||
|
secure_cookie_flag: false
|
||||||
|
|
||||||
config :pleroma, Pleroma.Mailer, adapter: Swoosh.Adapters.Local
|
config :pleroma, Pleroma.Mailer, adapter: Swoosh.Adapters.Local
|
||||||
|
|
||||||
|
|
|
@ -34,6 +34,21 @@ defp headers do
|
||||||
|
|
||||||
defp csp_string do
|
defp csp_string do
|
||||||
scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]
|
scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]
|
||||||
|
websocket_url = String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws")
|
||||||
|
|
||||||
|
connect_src =
|
||||||
|
if Mix.env() == :dev do
|
||||||
|
"connect-src 'self' http://localhost:3035/ " <> websocket_url
|
||||||
|
else
|
||||||
|
"connect-src 'self' " <> websocket_url
|
||||||
|
end
|
||||||
|
|
||||||
|
script_src =
|
||||||
|
if Mix.env() == :dev do
|
||||||
|
"script-src 'self' 'unsafe-eval'"
|
||||||
|
else
|
||||||
|
"script-src 'self'"
|
||||||
|
end
|
||||||
|
|
||||||
[
|
[
|
||||||
"default-src 'none'",
|
"default-src 'none'",
|
||||||
|
@ -43,9 +58,9 @@ defp csp_string do
|
||||||
"media-src 'self' https:",
|
"media-src 'self' https:",
|
||||||
"style-src 'self' 'unsafe-inline'",
|
"style-src 'self' 'unsafe-inline'",
|
||||||
"font-src 'self'",
|
"font-src 'self'",
|
||||||
"script-src 'self'",
|
|
||||||
"connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
|
|
||||||
"manifest-src 'self'",
|
"manifest-src 'self'",
|
||||||
|
connect_src,
|
||||||
|
script_src,
|
||||||
if scheme == "https" do
|
if scheme == "https" do
|
||||||
"upgrade-insecure-requests"
|
"upgrade-insecure-requests"
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in a new issue