PonyMirrors/philomena
1
0
Fork 0
mirror of https://github.com/philomena-dev/philomena.git synced 2024-11-23 20:18:00 +01:00
Code Issues Projects Releases Packages Wiki Activity

ensure CSP plug config happens at runtime, not compile time

Browse source
This commit is contained in:
byte[] 2020-08-06 13:27:56 -04:00
parent 3ba38edf0b
commit 5b760436a1
1 changed files with 5 additions and 5 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

10
lib/philomena_web/plugs/content_security_policy_plug.ex
View file

@ -1,7 +1,11 @@
defmodule PhilomenaWeb.ContentSecurityPolicyPlug do defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
alias Plug.Conn alias Plug.Conn
def init([]) do def init(opts) do
opts
end
def call(conn, _opts) do
cdn_uri = cdn_uri() cdn_uri = cdn_uri()
camo_uri = camo_uri() camo_uri = camo_uri()
@ -11,10 +15,6 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
"manifest-src 'self'; img-src 'self' data: #{cdn_uri} #{camo_uri}; " <> "manifest-src 'self'; img-src 'self' data: #{cdn_uri} #{camo_uri}; " <>
"block-all-mixed-content" "block-all-mixed-content"
[csp_value: csp_value]
end
def call(conn, csp_value: csp_value) do
Conn.put_resp_header(conn, "content-security-policy", csp_value) Conn.put_resp_header(conn, "content-security-policy", csp_value)
end end