commit: c3762d0148601b962921c603a8d351bcda9a08d3
parent: 0b41dad7193197750c4f4da862d52aebf83529eb
Author: Haelwenn (lanodan) Monnier <contact@hacktivis.me>
Date: Sat, 2 Feb 2019 19:06:26 +0100
Plugs.HTTPSecurityPlug: Add webpacker to connect-src
Diffstat:
1 file changed, 8 insertions(+), 1 deletion(-)
diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
@@ -34,6 +34,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
defp csp_string do
protocol = Config.get([Pleroma.Web.Endpoint, :protocol])
+ websocket_url = String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws")
[
"default-src 'none'",
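Review bot: `String.replace/3` on the added `websocket_url` line rewrites every occurrence of "http", not only the scheme, so a host or path that itself contains "http" would put a different origin into `connect-src` than the one the endpoint serves. Limiting the substitution to the first match keeps the rest of the URL intact: `websocket_url = String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws", global: false)`. The body of `csp_string` continues outside this hunk.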
@@ -43,10 +44,16 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
"media-src 'self' https:",
"style-src 'self' 'unsafe-inline'",
"font-src 'self'",
- "connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
"manifest-src 'self'",
if Mix.env() == :dev do
"script-src 'self' 'unsafe-eval'"
+ else
+ "script-src 'self'"
+ end,
+ if Mix.env() == :dev do
+ "connect-src 'self' " <> websocket_url
+ else
+ "connect-src 'self' http://localhost:3035/ " <> websocket_url
end,
if protocol == "https" do
"upgrade-insecure-requests"
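Review bot: The two branches of the new `connect-src` conditional look swapped: the `:dev` branch emits only `'self'` plus the websocket URL, while the `else` branch, which every non-dev build takes, adds `http://localhost:3035/`. Going by the commit title, that origin is meant for the development server only; as written, production responses let page scripts connect to a service on the visitor's own loopback port, and the dev setup still lacks the entry. Swap the bodies so the `:dev` branch is `"connect-src 'self' http://localhost:3035/ " <> websocket_url` and the `else` branch is `"connect-src 'self' " <> websocket_url`. Separately, `Mix.env()` is evaluated when the function runs, and Mix is normally not available in a release, so reading the environment from application config may be safer; this depends on how the project is deployed. The list and `csp_string` continue outside the hunk.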