Sync changes from upstream on develop branch #1

Merged
fedward merged 21 commits from AkkomaGang/akkoma:develop into develop 2022-11-15 15:32:17 +00:00
2 changed files with 14 additions and 8 deletions
Showing only changes of commit ac0c00cdee - Show all commits

View file

@ -104,14 +104,12 @@ defp csp_string do
{[img_src, " https:"], [media_src, " https:"]} {[img_src, " https:"], [media_src, " https:"]}
end end
connect_src = ["connect-src 'self' blob: ", static_url, ?\s, websocket_url] connect_src = if Config.get([:media_proxy, :enabled]) do
sources = build_csp_multimedia_source_list()
connect_src = ["connect-src 'self' blob: ", static_url, ?\s, websocket_url, ?\s, sources]
if Config.get(:env) == :dev do else
[connect_src, " http://localhost:3035/"] ["connect-src 'self' blob: ", static_url, ?\s, websocket_url]
else end
connect_src
end
script_src = script_src =
if Config.get(:env) == :dev do if Config.get(:env) == :dev do

View file

@ -100,12 +100,14 @@ test "media_proxy with base_url", %{conn: conn} do
url = "https://example.com" url = "https://example.com"
clear_config([:media_proxy, :base_url], url) clear_config([:media_proxy, :base_url], url)
assert_media_img_src(conn, url) assert_media_img_src(conn, url)
assert_connect_src(conn, url)
end end
test "upload with base url", %{conn: conn} do test "upload with base url", %{conn: conn} do
url = "https://example2.com" url = "https://example2.com"
clear_config([Pleroma.Upload, :base_url], url) clear_config([Pleroma.Upload, :base_url], url)
assert_media_img_src(conn, url) assert_media_img_src(conn, url)
assert_connect_src(conn, url)
end end
test "with S3 public endpoint", %{conn: conn} do test "with S3 public endpoint", %{conn: conn} do
@ -138,6 +140,12 @@ defp assert_media_img_src(conn, url) do
assert csp =~ "img-src 'self' data: blob: #{url};" assert csp =~ "img-src 'self' data: blob: #{url};"
end end
defp assert_connect_src(conn, url) do
conn = get(conn, "/api/v1/instance")
[csp] = Conn.get_resp_header(conn, "content-security-policy")
assert csp =~ ~r/connect-src 'self' blob: [^;]+ #{url}/
end
test "it does not send CSP headers when disabled", %{conn: conn} do test "it does not send CSP headers when disabled", %{conn: conn} do
clear_config([:http_security, :enabled], false) clear_config([:http_security, :enabled], false)