mirror of
https://github.com/philomena-dev/philomena.git
synced 2024-11-23 20:18:00 +01:00
Relax CSP on development error pages (#238)
parent
b1a23292fa
commit
77548057e8
2 changed files with 15 additions and 1 deletions
|
@ -134,10 +134,16 @@ if config_env() == :prod do
|
|||
url: [host: System.fetch_env!("APP_HOSTNAME"), scheme: "https", port: 443],
|
||||
secret_key_base: System.fetch_env!("SECRET_KEY_BASE"),
|
||||
server: not is_nil(System.get_env("START_ENDPOINT"))
|
||||
|
||||
# Do not relax CSP in production
|
||||
config :philomena, csp_relaxed: false
|
||||
else
|
||||
# Don't send email in development
|
||||
config :philomena, Philomena.Mailer, adapter: Bamboo.LocalAdapter
|
||||
|
||||
# Use this to debug slime templates
|
||||
# config :slime, :keep_lines, true
|
||||
|
||||
# Relax CSP rules in development and test servers
|
||||
config :philomena, csp_relaxed: true
|
||||
end
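Review bot: The `else` branch sets `csp_relaxed: true` for every environment that is not `:prod`, so the relaxation follows the environment name rather than whether the debug error page is actually enabled. A dev-mode build that is reachable by untrusted users would send its 500 responses without a Content-Security-Policy header. The test environment also takes this path, so a test that checks the header on a 500 response would presumably not see what production sends. At minimum I would record the constraint beside the setting, for example `# When true, 500 responses are sent without a Content-Security-Policy header; keep false anywhere untrusted users can reach the site`.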
|
||||
|
|
|
@ -41,7 +41,13 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
|
|||
|> Enum.map(&cspify_element/1)
|
||||
|> Enum.join("; ")
|
||||
|
||||
if conn.status == 500 and allow_relaxed_csp() do
|
||||
# Allow Plug.Debugger to function in this case
|
||||
delete_resp_header(conn, "content-security-policy")
|
||||
else
|
||||
# Enforce CSP otherwise
|
||||
put_resp_header(conn, "content-security-policy", csp_value)
|
||||
end
|
||||
end)
|
||||
end
|
||||
|
||||
|
@ -69,4 +75,6 @@ defmodule PhilomenaWeb.ContentSecurityPolicyPlug do
|
|||
|
||||
Enum.join([key | value], " ")
|
||||
end
|
||||
|
||||
defp allow_relaxed_csp, do: Application.get_env(:philomena, :csp_relaxed, false)
|
||||
end
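Review bot: The `conn.status == 500 and allow_relaxed_csp()` branch removes the Content-Security-Policy header from every 500 response while the flag is on, not only from pages rendered by Plug.Debugger, so an application-rendered 500 page in a relaxed environment also goes out with no policy at all. If the debugger only needs inline script and style, sending a looser policy on that branch instead of `delete_resp_header(conn, "content-security-policy")` would keep the other directives in force; which directives it needs is not visible here and would have to be checked. Plug.Debugger also appears to respond with the exception's own status, so debug pages for non-500 errors would presumably still get the strict policy. The enclosing function starts outside the hunk. A comment on `allow_relaxed_csp/0` such as `# Fails closed: returns false when :csp_relaxed is unset` would record why the default matters.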
|
||||
|
|