commit: 3370924b8ba87354249182694cfa3b598a66e6de
parent: 39a3b1724ad5bf5828142d4e83d7cb2bbb45a0d9
Author: Haelwenn <git.pleroma.social@hacktivis.me>
Date: Mon, 26 Nov 2018 19:56:49 +0000
Merge branch 'add-manifest-src-to-csp' into 'develop'
Add manifest-src to CSP to allow manifest.json
See merge request pleroma/pleroma!474
Diffstat:
1 file changed, 1 insertion(+), 0 deletions(-)
diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
@@ -39,6 +39,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
"font-src 'self'",
"script-src 'self'",
"connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
+ "manifest-src 'self'",
"upgrade-insecure-requests"
]
|> Enum.join("; ")