mirror of
https://github.com/philomena-dev/philomena.git
synced 2024-11-27 13:47:58 +01:00
add csp, add global last button
This commit is contained in:
parent
6329b01e38
commit
2d9b85d686
4 changed files with 28 additions and 6 deletions
|
@ -21,8 +21,6 @@ defmodule PhilomenaWeb.Endpoint do
|
|||
# Code reloading can be explicitly enabled under the
|
||||
# :code_reloader configuration of your endpoint.
|
||||
if code_reloading? do
|
||||
socket "/phoenix/live_reload/socket", Phoenix.LiveReloader.Socket
|
||||
plug Phoenix.LiveReloader
|
||||
plug Phoenix.CodeReloader
|
||||
end
|
||||
|
||||
|
|
26
lib/philomena_web/plugs/content_security_policy_plug.ex
Normal file
26
lib/philomena_web/plugs/content_security_policy_plug.ex
Normal file
|
@ -0,0 +1,26 @@
|
|||
defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
|
||||
alias Plug.Conn
|
||||
|
||||
def init([]) do
|
||||
cdn_uri = cdn_uri()
|
||||
camo_uri = camo_uri()
|
||||
|
||||
csp_value =
|
||||
"default-src 'self' #{cdn_uri}; object-src 'none'; " <>
|
||||
"frame-ancestors 'none'; frame-src 'none'; form-action 'self'; " <>
|
||||
"manifest-src 'self'; img-src 'self' data: #{cdn_uri} #{camo_uri}; " <>
|
||||
"block-all-mixed-content"
|
||||
|
||||
[csp_value: csp_value]
|
||||
end
|
||||
|
||||
def call(conn, [csp_value: csp_value]) do
|
||||
Conn.put_resp_header(conn, "Content-Security-Policy", csp_value)
|
||||
end
|
||||
|
||||
defp cdn_uri, do: Application.get_env(:philomena, :cdn_host) |> to_uri()
|
||||
defp camo_uri, do: Application.get_env(:philomena, :camo_host) |> to_uri()
|
||||
|
||||
defp to_uri(host) when host in [nil, ""], do: ""
|
||||
defp to_uri(host), do: URI.to_string(%URI{scheme: "https", host: host})
|
||||
end
|
|
@ -9,6 +9,7 @@ defmodule PhilomenaWeb.Router do
|
|||
plug :fetch_flash
|
||||
plug :protect_from_forgery
|
||||
plug :put_secure_browser_headers
|
||||
plug PhilomenaWeb.ContentSecurityPolicyPlug
|
||||
plug PhilomenaWeb.CurrentFilterPlug
|
||||
plug PhilomenaWeb.ImageFilterPlug
|
||||
plug PhilomenaWeb.PaginationPlug
|
||||
|
|
|
@ -1,5 +1,4 @@
|
|||
- params = assigns[:params] || []
|
||||
- last = assigns[:last] || false
|
||||
|
||||
= if @page.total_pages > 1 do
|
||||
nav.pagination
|
||||
|
@ -25,6 +24,4 @@
|
|||
|
||||
= if not last_page?(@page) do
|
||||
= link("Next ›", to: next_page_path(@page, @route, params), class: "js-next")
|
||||
|
||||
= if last do
|
||||
= link("Last »", to: last_page_path(@page, @route, params))
|
Loading…
Reference in a new issue