mirror of
https://github.com/philomena-dev/philomena.git
synced 2024-12-18 06:57:59 +01:00
29 lines
801 B
Elixir
29 lines
801 B
Elixir
defmodule PhilomenaWeb.CaptchaPlug do
|
|
alias PhilomenaWeb.ContentSecurityPolicyPlug
|
|
|
|
@hcaptcha_url ["https://hcaptcha.com", "https://*.hcaptcha.com"]
|
|
|
|
def init(_opts) do
|
|
[]
|
|
end
|
|
|
|
# Set CSP headers for serving captchas.
|
|
# Only holepunch CSP if the user is not signed in.
|
|
@spec call(Plug.Conn.t(), any()) :: Plug.Conn.t()
|
|
def call(conn, _opts) do
|
|
user = conn.assigns.current_user
|
|
|
|
maybe_assign_csp_headers(conn, user)
|
|
end
|
|
|
|
defp maybe_assign_csp_headers(conn, nil) do
|
|
conn
|
|
|> ContentSecurityPolicyPlug.permit_source(:script_src, @hcaptcha_url)
|
|
|> ContentSecurityPolicyPlug.permit_source(:frame_src, @hcaptcha_url)
|
|
|> ContentSecurityPolicyPlug.permit_source(:style_src, @hcaptcha_url)
|
|
end
|
|
|
|
defp maybe_assign_csp_headers(conn, _user) do
|
|
conn
|
|
end
|
|
end
|