config: add default parameters for CSPPlug

config/config.exs

@@ -176,6 +176,11 @@ config :pleroma, :suggestions,
   limit: 23,
   web: "https://vinayaka.distsn.org/?{{host}}+{{user}}"
 
+config :pleroma, :csp,
+  enabled: true,
+  sts: false,
+  sts_max_age: 31_536_000
+
 config :cors_plug,
   max_age: 86_400,
   methods: ["POST", "PUT", "DELETE", "GET", "PATCH", "OPTIONS"],

config/config.md

@@ -80,3 +80,8 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i
 * ``unfollow_blocked``: Whether blocks result in people getting unfollowed
 * ``outgoing_blocks``: Whether to federate blocks to other instances
 * ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question
+
+## :csp
+* ``enabled``: Whether the managed content security policy is enabled
+* ``sts``: Whether to additionally send a `Strict-Transport-Security` header
+* ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent