philomena/lib/philomena_web/plugs/content_security_policy_plug.ex

28 lines
822 B
Elixir
Raw Normal View History

2019-12-06 18:41:02 +01:00
defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
alias Plug.Conn
def init(opts) do
opts
end
def call(conn, _opts) do
2019-12-06 18:41:02 +01:00
cdn_uri = cdn_uri()
camo_uri = camo_uri()
csp_value =
"default-src 'self' #{cdn_uri}; object-src 'none'; " <>
2020-01-11 05:20:19 +01:00
"frame-ancestors 'none'; frame-src 'none'; form-action 'self'; " <>
"manifest-src 'self'; img-src 'self' data: #{cdn_uri} #{camo_uri}; " <>
"block-all-mixed-content"
2019-12-06 18:41:02 +01:00
2020-08-16 23:45:58 +02:00
#Conn.put_resp_header(conn, "content-security-policy", csp_value)
conn
2019-12-06 18:41:02 +01:00
end
defp cdn_uri, do: Application.get_env(:philomena, :cdn_host) |> to_uri()
defp camo_uri, do: Application.get_env(:philomena, :camo_host) |> to_uri()
defp to_uri(host) when host in [nil, ""], do: ""
defp to_uri(host), do: URI.to_string(%URI{scheme: "https", host: host})
2020-01-11 05:20:19 +01:00
end