Plugs.HTTPSecurityPlug: Add static_url to CSP's connect-src
Closes: https://git.pleroma.social/pleroma/pleroma/merge_requests/469
This commit is contained in:
parent
682cc94db1
commit
fc37e5815f
@ -34,13 +34,16 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
|
|||||||
|
|
||||||
defp csp_string do
|
defp csp_string do
|
||||||
scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]
|
scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]
|
||||||
websocket_url = String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws")
|
static_url = Pleroma.Web.Endpoint.static_url()
|
||||||
|
websocket_url = String.replace(static_url, "http", "ws")
|
||||||
|
|
||||||
|
connect_src = "connect-src 'self' #{static_url} #{websocket_url}"
|
||||||
|
|
||||||
connect_src =
|
connect_src =
|
||||||
if Mix.env() == :dev do
|
if Mix.env() == :dev do
|
||||||
"connect-src 'self' http://localhost:3035/ " <> websocket_url
|
connect_src <> " http://localhost:3035/"
|
||||||
else
|
else
|
||||||
"connect-src 'self' " <> websocket_url
|
connect_src
|
||||||
end
|
end
|
||||||
|
|
||||||
script_src =
|
script_src =
|
||||||
|
Loading…
Reference in New Issue
Block a user