HTTP Security plug: make starting csp string generation more readable

2020-05-29 12:32:48 +03:00 · 2020-05-29 12:32:48 +03:00 · 27180611df
commit 27180611df
parent 29ff6d414b
1 changed files with 10 additions and 11 deletions
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@ -49,17 +49,16 @@ defp headers do
    end
  end

-  @csp_start [
-               "default-src 'none'",
-               "base-uri 'self'",
-               "frame-ancestors 'none'",
-               "style-src 'self' 'unsafe-inline'",
-               "font-src 'self'",
-               "manifest-src 'self'"
-             ]
-             |> Enum.join(";")
-             |> Kernel.<>(";")
-             |> List.wrap()
+  static_csp_rules = [
+    "default-src 'none'",
+    "base-uri 'self'",
+    "frame-ancestors 'none'",
+    "style-src 'self' 'unsafe-inline'",
+    "font-src 'self'",
+    "manifest-src 'self'"
+  ]
+
+  @csp_start [Enum.join(static_csp_rules, ";") <> ";"]

  defp csp_string do
    scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]