defmodule PhilomenaWeb.CaptchaPlug do
  @moduledoc """
  Plug that relaxes the Content-Security-Policy so the hCaptcha widget can load.

  The hCaptcha origins are permitted only when `conn.assigns.current_user` is
  `nil`. Every other request leaves the policy untouched, so requests with a
  user assigned do not gain extra script, frame or style origins.
  """

  alias PhilomenaWeb.ContentSecurityPolicyPlug

  # Origins permitted for the captcha widget. The wildcard entry covers every
  # hcaptcha.com subdomain, so the relaxation trusts that whole domain.
  @hcaptcha_url ["https://hcaptcha.com", "https://*.hcaptcha.com"]

  # Directives that receive the hCaptcha origins, in the order they are applied.
  @hcaptcha_directives [:script_src, :frame_src, :style_src]

  # No options are used; the plug always runs with an empty option list.
  def init(_opts), do: []

  # Relax the CSP for captcha rendering, but only when no user is assigned.
  # `current_user` is read with dot access, so this plug has to run after
  # whatever sets that assign; a missing assign raises KeyError rather than
  # being treated as an anonymous request and widening the policy.
  @spec call(Plug.Conn.t(), any()) :: Plug.Conn.t()
  def call(conn, _opts) do
    case conn.assigns.current_user do
      nil -> permit_hcaptcha(conn)
      _signed_in -> conn
    end
  end

  # Adds the hCaptcha origins to each directive, threading the conn through.
  defp permit_hcaptcha(conn) do
    Enum.reduce(@hcaptcha_directives, conn, fn directive, acc ->
      ContentSecurityPolicyPlug.permit_source(acc, directive, @hcaptcha_url)
    end)
  end
end