Merge branch 'service-worker-allowed-header' into 'develop'
Ability to set custom HTTP headers per each frontend See merge request pleroma/pleroma!3247
This commit is contained in:
commit
d7af0294e6
5 changed files with 51 additions and 3 deletions
|
@ -38,7 +38,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
|
|||
- OAuth improvements and fixes: more secure session-based authentication (by token that could be revoked anytime), ability to revoke belonging OAuth token from any client etc.
|
||||
- Ability to set ActivityPub aliases for follower migration.
|
||||
- Configurable background job limits for RichMedia (link previews) and MediaProxyWarmingPolicy
|
||||
|
||||
- Ability to define custom HTTP headers per each frontend
|
||||
|
||||
<details>
|
||||
<summary>API Changes</summary>
|
||||
|
|
|
@ -725,7 +725,10 @@
|
|||
"git" => "https://git.pleroma.social/pleroma/fedi-fe",
|
||||
"build_url" =>
|
||||
"https://git.pleroma.social/pleroma/fedi-fe/-/jobs/artifacts/${ref}/download?job=build",
|
||||
"ref" => "master"
|
||||
"ref" => "master",
|
||||
"custom-http-headers" => [
|
||||
{"service-worker-allowed", "/"}
|
||||
]
|
||||
},
|
||||
"admin-fe" => %{
|
||||
"name" => "admin-fe",
|
||||
|
|
|
@ -60,6 +60,12 @@
|
|||
label: "Build directory",
|
||||
type: :string,
|
||||
description: "The directory inside the zip file "
|
||||
},
|
||||
%{
|
||||
key: "custom-http-headers",
|
||||
label: "Custom HTTP headers",
|
||||
type: {:list, :string},
|
||||
description: "The custom HTTP headers for the frontend"
|
||||
}
|
||||
]
|
||||
|
||||
|
|
|
@ -20,9 +20,26 @@ def call(conn, _options) do
|
|||
end
|
||||
end
|
||||
|
||||
defp headers do
|
||||
def primary_frontend do
|
||||
with %{"name" => frontend} <- Config.get([:frontends, :primary]),
|
||||
available <- Config.get([:frontends, :available]),
|
||||
%{} = primary_frontend <- Map.get(available, frontend) do
|
||||
{:ok, primary_frontend}
|
||||
end
|
||||
end
|
||||
|
||||
def custom_http_frontend_headers do
|
||||
with {:ok, %{"custom-http-headers" => custom_headers}} <- primary_frontend() do
|
||||
custom_headers
|
||||
else
|
||||
_ -> []
|
||||
end
|
||||
end
|
||||
|
||||
def headers do
|
||||
referrer_policy = Config.get([:http_security, :referrer_policy])
|
||||
report_uri = Config.get([:http_security, :report_uri])
|
||||
custom_http_frontend_headers = custom_http_frontend_headers()
|
||||
|
||||
headers = [
|
||||
{"x-xss-protection", "1; mode=block"},
|
||||
|
@ -34,6 +51,13 @@ defp headers do
|
|||
{"content-security-policy", csp_string()}
|
||||
]
|
||||
|
||||
headers =
|
||||
if custom_http_frontend_headers do
|
||||
custom_http_frontend_headers ++ headers
|
||||
else
|
||||
headers
|
||||
end
|
||||
|
||||
if report_uri do
|
||||
report_group = %{
|
||||
"group" => "csp-endpoint",
|
||||
|
|
|
@ -72,6 +72,21 @@ test "default values for img-src and media-src with disabled media proxy", %{con
|
|||
assert csp =~ "media-src 'self' https:;"
|
||||
assert csp =~ "img-src 'self' data: blob: https:;"
|
||||
end
|
||||
|
||||
test "it sets the Service-Worker-Allowed header", %{conn: conn} do
|
||||
clear_config([:http_security, :enabled], true)
|
||||
clear_config([:frontends, :primary], %{"name" => "fedi-fe", "ref" => "develop"})
|
||||
|
||||
clear_config([:frontends, :available], %{
|
||||
"fedi-fe" => %{
|
||||
"name" => "fedi-fe",
|
||||
"custom-http-headers" => [{"service-worker-allowed", "/"}]
|
||||
}
|
||||
})
|
||||
|
||||
conn = get(conn, "/api/v1/instance")
|
||||
assert Conn.get_resp_header(conn, "service-worker-allowed") == ["/"]
|
||||
end
|
||||
end
|
||||
|
||||
describe "img-src and media-src" do
|
||||
|
|
Loading…
Reference in a new issue