Merge branch 'fix-csp-upgrade-insecure-requests-check' into 'develop'

Fix CSP check for 'upgrade-insecure-requests'

See merge request pleroma/pleroma!814

lib/pleroma/plugs/http_security_plug.ex

@@ -33,7 +33,7 @@ defp headers do
   end
 
   defp csp_string do
-    protocol = Config.get([Pleroma.Web.Endpoint, :protocol])
+    scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]
 
     [
       "default-src 'none'",
@@ -46,7 +46,7 @@ defp csp_string do
       "script-src 'self'",
       "connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
       "manifest-src 'self'",
-      if protocol == "https" do
+      if scheme == "https" do
         "upgrade-insecure-requests"
       end
     ]