nekojanai/akkoma
1
0
Fork 0
forked from AkkomaGang/akkoma
Code Issues Pull requests Projects Releases Packages Wiki Activity

csp plug: add support for certificate transparency

Browse source
This commit is contained in:
William Pitcock 2018-11-11 06:53:42 +00:00
parent 331cf6ada1
commit df72978dce
3 changed files with 7 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

3
config/config.exs
View file

@ -179,7 +179,8 @@
config :pleroma, :csp, config :pleroma, :csp,
enabled: true, enabled: true,
sts: false, sts: false,
sts_max_age: 31_536_000 sts_max_age: 31_536_000,
ct_max_age: 2_592_000
config :cors_plug, config :cors_plug,
max_age: 86_400, max_age: 86_400,

1
config/config.md
View file

@ -85,3 +85,4 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i
* ``enabled``: Whether the managed content security policy is enabled * ``enabled``: Whether the managed content security policy is enabled
* ``sts``: Whether to additionally send a `Strict-Transport-Security` header * ``sts``: Whether to additionally send a `Strict-Transport-Security` header
* ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent
* ``ct_max_age``: The maximum age for the `Except-CT` header if sent

6
lib/pleroma/plugs/csp_plug.ex
View file

@ -44,10 +44,12 @@ defp csp_string do
end end
defp maybe_send_sts_header(conn, true) do defp maybe_send_sts_header(conn, true) do
max_age = Config.get([:csp, :sts_max_age]) max_age_sts = Config.get([:csp, :sts_max_age])
max_age_ct = Config.get([:csp, :ct_max_age])
merge_resp_headers(conn, [ merge_resp_headers(conn, [
{"strict-transport-security", "max-age=#{max_age}; includeSubDomains"} {"strict-transport-security", "max-age=#{max_age_sts}; includeSubDomains"},
{"expect-ct", "enforce, max-age=#{max_age_ct}"}
]) ])
end end