kawen/akkoma
1
0
Fork 0
forked from AkkomaGang/akkoma
Code Issues Pull requests Projects Releases Packages Wiki Activity

Plugs.HTTPSecurityPlug: Activate upgrade-insecure-requests only when there is https

Browse source 
This fixes running mastofe with MIX_ENV=dev
This commit is contained in:
Haelwenn (lanodan) Monnier 2018-11-26 21:40:29 +01:00
parent 3370924b8b
commit 04daa0fa44
No known key found for this signature in database
GPG key ID: D5B7A8E43C997DEE
1 changed files with 5 additions and 1 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
lib/pleroma/plugs/http_security_plug.ex
View file

@ -29,6 +29,8 @@ defp headers do
end
defp csp_string do
protocol = Config.get([Pleroma.Web.Endpoint, :protocol])
[
"default-src 'none'",
"base-uri 'self'",
@ -40,7 +42,9 @@ defp csp_string do
"script-src 'self'",
"connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
"manifest-src 'self'",
if @protocol == "https" do
"upgrade-insecure-requests"
end
]
|> Enum.join("; ")
end