PonyMirrors/philomena
1
0
Fork 0
mirror of https://github.com/philomena-dev/philomena.git synced 2025-02-17 11:04:22 +01:00
Code Issues Projects Releases Packages Wiki Activity

strongly segregate domains of main site and ugc in security policy

Browse source
This commit is contained in:
byte[] 2021-03-16 20:24:58 -04:00
parent cc51981b05
commit 35e12420af
1 changed files with 3 additions and 3 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

6
lib/philomena_web/plugs/content_security_policy_plug.ex
View file

@ -23,9 +23,9 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
frame_src = Keyword.get(config, :frame_src, nil) frame_src = Keyword.get(config, :frame_src, nil)
csp_config = [ csp_config = [
{:default_src, ["'self'", cdn_uri]}, {:default_src, ["'self'"]},
{:script_src, ["'self'", cdn_uri | script_src]}, {:script_src, ["'self'" | script_src]},
{:style_src, ["'self'", cdn_uri | style_src]}, {:style_src, ["'self'" | style_src]},
{:object_src, ["'none'"]}, {:object_src, ["'none'"]},
{:frame_ancestors, ["'none'"]}, {:frame_ancestors, ["'none'"]},
{:frame_src, frame_src || ["'none'"]}, {:frame_src, frame_src || ["'none'"]},