csp plug: add sts support

William Pitcock 2018-11-11 06:50:28 +00:00
parent a2bf5426cb
commit 331cf6ada1


@ -1,10 +1,17 @@
defmodule Pleroma.Plugs.CSPPlug do defmodule Pleroma.Plugs.CSPPlug do
alias Pleroma.Config
import Plug.Conn import Plug.Conn
def init(opts), do: opts def init(opts), do: opts
def call(conn, options) do def call(conn, options) do
conn = merge_resp_headers(conn, headers()) if Config.get([:csp, :enabled]) do
conn =
merge_resp_headers(conn, headers())
|> maybe_send_sts_header(Config.get([:csp, :sts]))
else
conn
end
end end
defp headers do defp headers do
@ -35,4 +42,14 @@ defp csp_string do
] ]
|> Enum.join("; ") |> Enum.join("; ")
end end
defp maybe_send_sts_header(conn, true) do
max_age = Config.get([:csp, :sts_max_age])
merge_resp_headers(conn, [
{"strict-transport-security", "max-age=#{max_age}; includeSubDomains"}
])
end
defp maybe_send_sts_header(conn, _), do: conn
end end
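Review bot: The new `maybe_send_sts_header(conn, true)` clause interpolates `Config.get([:csp, :sts_max_age])` into the header without checking it, so an unset key produces `max-age=; includeSubDomains`. Browsers discard that malformed value, leaving HSTS silently off while the operator believes `sts` is enabled. Whether the config files set a default is not visible on this page; validating the value as a non-negative integer in this clause, as below, keeps the plug safe either way. `includeSubDomains` is also hard-coded, which commits every subdomain of the instance host to HTTPS for the full max-age, so it deserves a comment or its own config flag.

```elixir
defp maybe_send_sts_header(conn, true) do
  case Config.get([:csp, :sts_max_age]) do
    max_age when is_integer(max_age) and max_age >= 0 ->
      merge_resp_headers(conn, [
        {"strict-transport-security", "max-age=#{max_age}; includeSubDomains"}
      ])

    _ ->
      # Unset or malformed max-age: send no header rather than an invalid one.
      conn
  end
end
```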