mirror of
https://github.com/philomena-dev/philomena.git
synced 2024-11-27 13:47:58 +01:00
ensure CSP plug config happens at runtime, not compile time
This commit is contained in:
parent
3ba38edf0b
commit
5b760436a1
1 changed files with 5 additions and 5 deletions
|
@ -1,7 +1,11 @@
|
|||
defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
|
||||
alias Plug.Conn
|
||||
|
||||
def init([]) do
|
||||
def init(opts) do
|
||||
opts
|
||||
end
|
||||
|
||||
def call(conn, _opts) do
|
||||
cdn_uri = cdn_uri()
|
||||
camo_uri = camo_uri()
|
||||
|
||||
|
@ -11,10 +15,6 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
|
|||
"manifest-src 'self'; img-src 'self' data: #{cdn_uri} #{camo_uri}; " <>
|
||||
"block-all-mixed-content"
|
||||
|
||||
[csp_value: csp_value]
|
||||
end
|
||||
|
||||
def call(conn, csp_value: csp_value) do
|
||||
Conn.put_resp_header(conn, "content-security-policy", csp_value)
|
||||
end
|
||||
|
||||
|
|
Loading…
Reference in a new issue