commit: c71b3a1b124f5dba23ebe812289868aa4983d8a8
parent: e1983fca8d3fa7859bf065ec8e1f6c65da085788
Author: Haelwenn <contact+git.pleroma.social@hacktivis.me>
Date: Tue, 12 Feb 2019 02:44:23 +0000
Merge branch 'fix-csp-upgrade-insecure-requests-check' into 'develop'
Fix CSP check for 'upgrade-insecure-requests'
See merge request pleroma/pleroma!814
Diffstat:
1 file changed, 2 insertions(+), 2 deletions(-)
diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
@@ -33,7 +33,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
end
defp csp_string do
- protocol = Config.get([Pleroma.Web.Endpoint, :protocol])
+ scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]
[
"default-src 'none'",
@@ -46,7 +46,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
"script-src 'self'",
"connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
"manifest-src 'self'",
- if protocol == "https" do
+ if scheme == "https" do
"upgrade-insecure-requests"
end
]