|
@@ -34,13 +34,16 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do |
|
|
|
|
|
|
|
|
defp csp_string do |
|
|
defp csp_string do |
|
|
scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme] |
|
|
scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme] |
|
|
websocket_url = String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws") |
|
|
|
|
|
|
|
|
static_url = Pleroma.Web.Endpoint.static_url() |
|
|
|
|
|
websocket_url = String.replace(static_url, "http", "ws") |
|
|
|
|
|
|
|
|
|
|
|
connect_src = "connect-src 'self' #{static_url} #{websocket_url}" |
|
|
|
|
|
|
|
|
connect_src = |
|
|
connect_src = |
|
|
if Mix.env() == :dev do |
|
|
if Mix.env() == :dev do |
|
|
"connect-src 'self' http://localhost:3035/ " <> websocket_url |
|
|
|
|
|
|
|
|
connect_src <> " http://localhost:3035/" |
|
|
else |
|
|
else |
|
|
"connect-src 'self' " <> websocket_url |
|
|
|
|
|
|
|
|
connect_src |
|
|
end |
|
|
end |
|
|
|
|
|
|
|
|
script_src = |
|
|
script_src = |
|
|