fedward/distraction.party
1
0
Fork 0
forked from AkkomaGang/akkoma
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'fix-csp-upgrade-insecure-requests-check' into 'develop'

Browse source 
Fix CSP check for 'upgrade-insecure-requests'

See merge request pleroma/pleroma!814
This commit is contained in:
Haelwenn 2019-02-12 02:44:23 +00:00
commit c71b3a1b12
1 changed files with 2 additions and 2 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/pleroma/plugs/http_security_plug.ex
View file

@ -33,7 +33,7 @@ defp headers do
end end
defp csp_string do defp csp_string do
protocol = Config.get([Pleroma.Web.Endpoint, :protocol]) scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]
[ [
"default-src 'none'", "default-src 'none'",
@ -46,7 +46,7 @@ defp csp_string do
"script-src 'self'", "script-src 'self'",
"connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"), "connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
"manifest-src 'self'", "manifest-src 'self'",
if protocol == "https" do if scheme == "https" do
"upgrade-insecure-requests" "upgrade-insecure-requests"
end end
] ]