mirror of
https://github.com/philomena-dev/philomena.git
synced 2024-11-27 13:47:58 +01:00
add csp, add global last button
parent
6329b01e38
commit
2d9b85d686
4 changed files with 28 additions and 6 deletions
|
@ -21,8 +21,6 @@ defmodule PhilomenaWeb.Endpoint do
|
||||||
# Code reloading can be explicitly enabled under the
|
# Code reloading can be explicitly enabled under the
|
||||||
# :code_reloader configuration of your endpoint.
|
# :code_reloader configuration of your endpoint.
|
||||||
if code_reloading? do
|
if code_reloading? do
|
||||||
socket "/phoenix/live_reload/socket", Phoenix.LiveReloader.Socket
|
|
||||||
plug Phoenix.LiveReloader
|
|
||||||
plug Phoenix.CodeReloader
|
plug Phoenix.CodeReloader
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
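--- a/lib/philomena_web/plugs/content_security_policy_plug.ex
+++ b/lib/philomena_web/plugs/content_security_policy_plug.ex
@@ -0,0 +1,26 @@
+defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
+alias Plug.Conn
+
+def init([]) do
+cdn_uri = cdn_uri()
+camo_uri = camo_uri()
+
+csp_value =
+"default-src 'self' #{cdn_uri}; object-src 'none'; " <>
+"frame-ancestors 'none'; frame-src 'none'; form-action 'self'; " <>
+"manifest-src 'self'; img-src 'self' data: #{cdn_uri} #{camo_uri}; " <>
+"block-all-mixed-content"
+
+[csp_value: csp_value]
+end
+
+def call(conn, [csp_value: csp_value]) do
+Conn.put_resp_header(conn, "Content-Security-Policy", csp_value)
+end
+
+defp cdn_uri, do: Application.get_env(:philomena, :cdn_host) |> to_uri()
+defp camo_uri, do: Application.get_env(:philomena, :camo_host) |> to_uri()
+
+defp to_uri(host) when host in [nil, ""], do: ""
+defp to_uri(host), do: URI.to_string(%URI{scheme: "https", host: host})
+end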
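Review bot: The header key in `call/2` is written as `"Content-Security-Policy"`, but Plug expects lowercase response header keys: `put_resp_header/3` replaces an existing entry only on an exact key match, and the test adapter raises `Plug.Conn.InvalidHeaderError` for a mixed-case key, so this should be `Conn.put_resp_header(conn, "content-security-policy", csp_value)`. The policy string built in `init/1` has no `base-uri` directive, and `base-uri` does not fall back to `default-src`; appending `base-uri 'self'; ` would close that gap. `init/1` also reads `:cdn_host` and `:camo_host` with `Application.get_env/2`, and a plug in a router pipeline has `init/1` evaluated at compile time by default, so hosts supplied only at runtime would presumably be missing from the header. Confirm how these two settings are provided, or build the value in `call/2` instead.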
|
@ -9,6 +9,7 @@ defmodule PhilomenaWeb.Router do
|
||||||
plug :fetch_flash
|
plug :fetch_flash
|
||||||
plug :protect_from_forgery
|
plug :protect_from_forgery
|
||||||
plug :put_secure_browser_headers
|
plug :put_secure_browser_headers
|
||||||
|
plug PhilomenaWeb.ContentSecurityPolicyPlug
|
||||||
plug PhilomenaWeb.CurrentFilterPlug
|
plug PhilomenaWeb.CurrentFilterPlug
|
||||||
plug PhilomenaWeb.ImageFilterPlug
|
plug PhilomenaWeb.ImageFilterPlug
|
||||||
plug PhilomenaWeb.PaginationPlug
|
plug PhilomenaWeb.PaginationPlug
|
||||||
|
|
|
@ -1,5 +1,4 @@
|
||||||
- params = assigns[:params] || []
|
- params = assigns[:params] || []
|
||||||
- last = assigns[:last] || false
|
|
||||||
|
|
||||||
= if @page.total_pages > 1 do
|
= if @page.total_pages > 1 do
|
||||||
nav.pagination
|
nav.pagination
|
||||||
|
@ -25,6 +24,4 @@
|
||||||
|
|
||||||
= if not last_page?(@page) do
|
= if not last_page?(@page) do
|
||||||
= link("Next ›", to: next_page_path(@page, @route, params), class: "js-next")
|
= link("Next ›", to: next_page_path(@page, @route, params), class: "js-next")
|
||||||
|
|
||||||
= if last do
|
|
||||||
= link("Last »", to: last_page_path(@page, @route, params))
|
= link("Last »", to: last_page_path(@page, @route, params))
|