Use url[:scheme] instead of protocol to determine if https is enabled

This commit is contained in:
shibayashi 2019-02-12 00:08:52 +01:00
parent 39548c3824
commit ea1058929c
No known key found for this signature in database
GPG Key ID: C10662A33EB28508

View File

@ -33,7 +33,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
end end
defp csp_string do defp csp_string do
protocol = Config.get([Pleroma.Web.Endpoint, :protocol]) scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]
[ [
"default-src 'none'", "default-src 'none'",
@ -46,7 +46,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
"script-src 'self'", "script-src 'self'",
"connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"), "connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
"manifest-src 'self'", "manifest-src 'self'",
if protocol == "https" do if scheme == "https" do
"upgrade-insecure-requests" "upgrade-insecure-requests"
end end
] ]