8 Commits

Author	SHA1	Message	Date
r3g_5z	413b40b510	Drop X-Download-Options ... It's an IE8-era header where Adobe products used to use the IE engine when making outbound web requests to embed webpages such as Adobe Acrobat. This is something that a secure and modern CSP would protect against. Signed-off-by: r3g_5z <june@terezi.dev>	2022-11-19 23:12:02 -05:00
FloatingGhost	ac0c00cdee	Add media sources to connect-src if media proxy is enabled	2022-11-10 17:26:51 +00:00
Thomas Citharel	4d0a51221a	Fix typo in CSP Report-To header name ... The header name was Report-To, not Reply-To. In any case, that's now being changed to the Reporting-Endpoints HTTP Response Header. https://w3c.github.io/reporting/#header https://github.com/w3c/reporting/issues/177 CanIUse says the Report-To header is still supported by current Chrome and friends. https://caniuse.com/mdn-http_headers_report-to It doesn't have any data for the Reporting-Endpoints HTTP header, but this article says Chrome 96 supports it. https://web.dev/reporting-api/ (Even though that's come out one year ago, that's not compatible with Network Error Logging which's still using the Report-To version of the API) Signed-off-by: Thomas Citharel <tcit@tcit.fr>	2022-11-04 15:02:13 +01:00
eugenijm	7fcaa188a0	Allow to define custom HTTP headers per each frontend	2021-01-21 21:55:23 +03:00
eugenijm	133644dfa2	Ability to set the Service-Worker-Allowed header	2021-01-21 21:55:11 +03:00
Haelwenn (lanodan) Monnier	c4439c630f	Bump Copyright to 2021 ... grep -rl '# Copyright © .* Pleroma' * | xargs sed -i 's;Copyright © .* Pleroma .*;Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>;'	2021-01-13 07:49:50 +01:00
Egor Kislitsyn	1a98476f48	Remove unused aliases	2020-10-30 18:42:43 +04:00
Alexander Strizhakov	7dffaef479	tests consistency	2020-10-13 16:35:09 +03:00

Renamed from test/plugs/http_security_plug_test.exs (Browse further)