commit: 7fcaa188a0be4bc8e41790ddda9b6789cb318347
parent 133644dfa2e46dc48980ae6f835b7aa2758b4250
Author: eugenijm <eugenijm@protonmail.com>
Date: Thu, 21 Jan 2021 14:58:18 +0300
Allow to define custom HTTP headers per each frontend
Diffstat:
5 files changed, 39 insertions(+), 15 deletions(-)
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -35,7 +35,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- OAuth improvements and fixes: more secure session-based authentication (by token that could be revoked anytime), ability to revoke belonging OAuth token from any client etc.
- Ability to set ActivityPub aliases for follower migration.
- Configurable background job limits for RichMedia (link previews) and MediaProxyWarmingPolicy
-- Ability to set the `Service-Worker-Allowed` header
+- Ability to define custom HTTP headers per each frontend
<details>
<summary>API Changes</summary>
diff --git a/config/config.exs b/config/config.exs
@@ -723,7 +723,10 @@ config :pleroma, :frontends,
"git" => "https://git.pleroma.social/pleroma/fedi-fe",
"build_url" =>
"https://git.pleroma.social/pleroma/fedi-fe/-/jobs/artifacts/${ref}/download?job=build",
- "ref" => "master"
+ "ref" => "master",
+ "custom-http-headers" => [
+ {"service-worker-allowed", "/"}
+ ]
},
"admin-fe" => %{
"name" => "admin-fe",
diff --git a/config/description.exs b/config/description.exs
@@ -60,6 +60,12 @@ frontend_options = [
label: "Build directory",
type: :string,
description: "The directory inside the zip file "
+ },
+ %{
+ key: "custom-http-headers",
+ label: "Custom HTTP headers",
+ type: {:list, :string},
+ description: "The custom HTTP headers for the frontend"
}
]
@@ -1749,14 +1755,6 @@ config :pleroma, :config_description, [
type: :string,
description: "Adds the specified URL to report-uri and report-to group in CSP header",
suggestions: ["https://example.com/report-uri"]
- },
- %{
- key: :service_worker_allowed,
- label: "The Service-Worker-Allowed header",
- type: :string,
- description:
- "Sets the Service-Worker-Allowed header which limits the maximum allowed Service Worker scope",
- suggestions: ["/"]
}
]
},
diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex
@@ -20,10 +20,26 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
end
end
- defp headers do
+ def primary_frontend do
+ with %{"name" => frontend} <- Config.get([:frontends, :primary]),
+ available <- Config.get([:frontends, :available]),
+ %{} = primary_frontend <- Map.get(available, frontend) do
+ {:ok, primary_frontend}
+ end
+ end
+
+ def custom_http_frontend_headers do
+ with {:ok, %{"custom-http-headers" => custom_headers}} <- primary_frontend() do
+ custom_headers
+ else
+ _ -> []
+ end
+ end
+
+ def headers do
referrer_policy = Config.get([:http_security, :referrer_policy])
report_uri = Config.get([:http_security, :report_uri])
- service_worker_allowed = Config.get([:http_security, :service_worker_allowed])
+ custom_http_frontend_headers = custom_http_frontend_headers()
headers = [
{"x-xss-protection", "1; mode=block"},
@@ -36,8 +52,8 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
]
headers =
- if service_worker_allowed do
- [{"service-worker-allowed", service_worker_allowed} | headers]
+ if custom_http_frontend_headers do
+ custom_http_frontend_headers ++ headers
else
headers
end
diff --git a/test/pleroma/web/plugs/http_security_plug_test.exs b/test/pleroma/web/plugs/http_security_plug_test.exs
@@ -75,7 +75,14 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
test "it sets the Service-Worker-Allowed header", %{conn: conn} do
clear_config([:http_security, :enabled], true)
- clear_config([:http_security, :service_worker_allowed], "/")
+ clear_config([:frontends, :primary], %{"name" => "fedi-fe", "ref" => "develop"})
+
+ clear_config([:frontends, :available], %{
+ "fedi-fe" => %{
+ "name" => "fedi-fe",
+ "custom-http-headers" => [{"service-worker-allowed", "/"}]
+ }
+ })
conn = get(conn, "/api/v1/instance")
assert Conn.get_resp_header(conn, "service-worker-allowed") == ["/"]
