add csp, add global last button

byte[] 2019-12-06 12:41:02 -05:00
parent 6329b01e38
commit 2d9b85d686
4 changed files with 28 additions and 6 deletions


@ -21,8 +21,6 @@ defmodule PhilomenaWeb.Endpoint do
# Code reloading can be explicitly enabled under the
# :code_reloader configuration of your endpoint.
if code_reloading? do
socket "/phoenix/live_reload/socket", Phoenix.LiveReloader.Socket
plug Phoenix.LiveReloader
plug Phoenix.CodeReloader
end


@ -0,0 +1,26 @@
defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
alias Plug.Conn
def init([]) do
cdn_uri = cdn_uri()
camo_uri = camo_uri()
csp_value =
"default-src 'self' #{cdn_uri}; object-src 'none'; " <>
"frame-ancestors 'none'; frame-src 'none'; form-action 'self'; " <>
"manifest-src 'self'; img-src 'self' data: #{cdn_uri} #{camo_uri}; " <>
"block-all-mixed-content"
[csp_value: csp_value]
end
def call(conn, [csp_value: csp_value]) do
Conn.put_resp_header(conn, "Content-Security-Policy", csp_value)
end
defp cdn_uri, do: Application.get_env(:philomena, :cdn_host) |> to_uri()
defp camo_uri, do: Application.get_env(:philomena, :camo_host) |> to_uri()
defp to_uri(host) when host in [nil, ""], do: ""
defp to_uri(host), do: URI.to_string(%URI{scheme: "https", host: host})
end
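Review bot: The header name passed to `Conn.put_resp_header/3` in `call/2` is mixed-case, but Plug expects lowercase response header keys: the test adapter raises `Plug.Conn.InvalidHeaderError`, and HTTP/2 clients can drop responses with mixed-case keys. The call should be `Conn.put_resp_header(conn, "content-security-policy", csp_value)`. Separately, the policy string is built in `init/1`, which Plug may evaluate at compile time depending on the pipeline's init mode, so `:cdn_host` and `:camo_host` values supplied only at runtime would silently be missing from the header; reading them in `call/2` avoids that. The policy also sets no `base-uri`, which `default-src` does not cover, so adding `base-uri 'self'; ` next to `form-action 'self'` would close that gap.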


@ -9,6 +9,7 @@ defmodule PhilomenaWeb.Router do
plug :fetch_flash
plug :protect_from_forgery
plug :put_secure_browser_headers
plug PhilomenaWeb.ContentSecurityPolicyPlug
plug PhilomenaWeb.CurrentFilterPlug
plug PhilomenaWeb.ImageFilterPlug
plug PhilomenaWeb.PaginationPlug


@ -1,5 +1,4 @@
- params = assigns[:params] || []
- last = assigns[:last] || false
= if @page.total_pages > 1 do
nav.pagination
@ -25,6 +24,4 @@
= if not last_page?(@page) do
= link("Next ", to: next_page_path(@page, @route, params), class: "js-next")
= if last do
= link("Last »", to: last_page_path(@page, @route, params))