Plugs.HTTPSecurityPlug: Activate upgrade-insecure-requests only when there is https
This fixes running mastofe with MIX_ENV=dev
This commit is contained in:
parent
3370924b8b
commit
04daa0fa44
@ -29,6 +29,8 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
|
|||||||
end
|
end
|
||||||
|
|
||||||
defp csp_string do
|
defp csp_string do
|
||||||
|
protocol = Config.get([Pleroma.Web.Endpoint, :protocol])
|
||||||
|
|
||||||
[
|
[
|
||||||
"default-src 'none'",
|
"default-src 'none'",
|
||||||
"base-uri 'self'",
|
"base-uri 'self'",
|
||||||
@ -40,7 +42,9 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
|
|||||||
"script-src 'self'",
|
"script-src 'self'",
|
||||||
"connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
|
"connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
|
||||||
"manifest-src 'self'",
|
"manifest-src 'self'",
|
||||||
|
if @protocol == "https" do
|
||||||
"upgrade-insecure-requests"
|
"upgrade-insecure-requests"
|
||||||
|
end
|
||||||
]
|
]
|
||||||
|> Enum.join("; ")
|
|> Enum.join("; ")
|
||||||
end
|
end
|
||||||
|
Loading…
Reference in New Issue
Block a user