add csp, add global last button

2024-11-23 20:18:00 +01:00 · 2019-12-06 12:41:02 -05:00 · 2019-12-06 12:41:02 -05:00 · 2d9b85d686
commit 2d9b85d686
parent 6329b01e38
4 changed files with 28 additions and 6 deletions
--- a/lib/philomena_web/endpoint.ex
+++ b/lib/philomena_web/endpoint.ex
@ -21,8 +21,6 @@ defmodule PhilomenaWeb.Endpoint do
  # Code reloading can be explicitly enabled under the
  # :code_reloader configuration of your endpoint.
  if code_reloading? do
-    socket "/phoenix/live_reload/socket", Phoenix.LiveReloader.Socket
-    plug Phoenix.LiveReloader
    plug Phoenix.CodeReloader
  end

--- a/lib/philomena_web/plugs/content_security_policy_plug.ex
+++ b/lib/philomena_web/plugs/content_security_policy_plug.ex
@ -0,0 +1,26 @@
+defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
+  alias Plug.Conn
+
+  def init([]) do
+    cdn_uri = cdn_uri()
+    camo_uri = camo_uri()
+
+    csp_value =
+      "default-src 'self' #{cdn_uri}; object-src 'none'; " <>
+      "frame-ancestors 'none'; frame-src 'none'; form-action 'self'; " <>
+      "manifest-src 'self'; img-src 'self' data: #{cdn_uri} #{camo_uri}; " <>
+      "block-all-mixed-content"
+
+    [csp_value: csp_value]
+  end
+
+  def call(conn, [csp_value: csp_value]) do
+    Conn.put_resp_header(conn, "Content-Security-Policy", csp_value)
+  end
+
+  defp cdn_uri, do: Application.get_env(:philomena, :cdn_host) |> to_uri()
+  defp camo_uri, do: Application.get_env(:philomena, :camo_host) |> to_uri()
+
+  defp to_uri(host) when host in [nil, ""], do: ""
+  defp to_uri(host), do: URI.to_string(%URI{scheme: "https", host: host})
+end
--- a/lib/philomena_web/router.ex
+++ b/lib/philomena_web/router.ex
@ -9,6 +9,7 @@ defmodule PhilomenaWeb.Router do
    plug :fetch_flash
    plug :protect_from_forgery
    plug :put_secure_browser_headers
+    plug PhilomenaWeb.ContentSecurityPolicyPlug
    plug PhilomenaWeb.CurrentFilterPlug
    plug PhilomenaWeb.ImageFilterPlug
    plug PhilomenaWeb.PaginationPlug
--- a/lib/philomena_web/templates/pagination/_pagination.html.slime
+++ b/lib/philomena_web/templates/pagination/_pagination.html.slime
@ -1,5 +1,4 @@
 - params = assigns[:params] || []
- last = assigns[:last] || false

 = if @page.total_pages > 1 do
  nav.pagination
@ -25,6 +24,4 @@

    = if not last_page?(@page) do
      = link("Next ›", to: next_page_path(@page, @route, params), class: "js-next")
-
-      = if last do
-        = link("Last »", to: last_page_path(@page, @route, params))
+      = link("Last »", to: last_page_path(@page, @route, params))