logo

pleroma

My custom branche(s) on git.pleroma.social/pleroma/pleroma
commit: c71b3a1b124f5dba23ebe812289868aa4983d8a8
parent: e1983fca8d3fa7859bf065ec8e1f6c65da085788
Author: Haelwenn <contact+git.pleroma.social@hacktivis.me>
Date:   Tue, 12 Feb 2019 02:44:23 +0000

Merge branch 'fix-csp-upgrade-insecure-requests-check' into 'develop'

Fix CSP check for 'upgrade-insecure-requests'

See merge request pleroma/pleroma!814

Diffstat:

Mlib/pleroma/plugs/http_security_plug.ex4++--
1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex @@ -33,7 +33,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do end defp csp_string do - protocol = Config.get([Pleroma.Web.Endpoint, :protocol]) + scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme] [ "default-src 'none'", @@ -46,7 +46,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do "script-src 'self'", "connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"), "manifest-src 'self'", - if protocol == "https" do + if scheme == "https" do "upgrade-insecure-requests" end ]