csp plug: add sts support

author: William Pitcock <nenolod@dereferenced.org> 2018-11-11 06:50:28 +0000
committer: William Pitcock <nenolod@dereferenced.org> 2018-11-11 06:50:28 +0000
commit: 331cf6ada1e4df51b366c79126e094ee335dd684 (patch)
tree: a2bb92581a184d29d9a30fbe36074dbe48e4bf30 /lib
parent: a2bf5426cb84940dbd58aec10a7b1b0a90f26a60 (diff)
download: pleroma-331cf6ada1e4df51b366c79126e094ee335dd684.tar.gz
1 files changed, 18 insertions, 1 deletions
diff --git a/lib/pleroma/plugs/csp_plug.ex b/lib/pleroma/plugs/csp_plug.ex
index 15d466c36..56f2376ee 100644
--- a/lib/pleroma/plugs/csp_plug.ex
+++ b/lib/pleroma/plugs/csp_plug.ex
@@ -1,10 +1,17 @@
 defmodule Pleroma.Plugs.CSPPlug do
+  alias Pleroma.Config
   import Plug.Conn
 
   def init(opts), do: opts
 
   def call(conn, options) do
-    conn = merge_resp_headers(conn, headers())
+    if Config.get([:csp, :enabled]) do
+      conn =
+        merge_resp_headers(conn, headers())
+        |> maybe_send_sts_header(Config.get([:csp, :sts]))
+    else
+      conn
+    end
   end
 
   defp headers do
@@ -35,4 +42,14 @@ defmodule Pleroma.Plugs.CSPPlug do
     ]
     |> Enum.join("; ")
   end
+
+  defp maybe_send_sts_header(conn, true) do
+    max_age = Config.get([:csp, :sts_max_age])
+
+    merge_resp_headers(conn, [
+      {"strict-transport-security", "max-age=#{max_age}; includeSubDomains"}
+    ])
+  end
+
+  defp maybe_send_sts_header(conn, _), do: conn
 end
author	William Pitcock <nenolod@dereferenced.org>	2018-11-11 06:50:28 +0000
committer	William Pitcock <nenolod@dereferenced.org>	2018-11-11 06:50:28 +0000
commit	331cf6ada1e4df51b366c79126e094ee335dd684 (patch)
tree	a2bb92581a184d29d9a30fbe36074dbe48e4bf30 /lib
parent	a2bf5426cb84940dbd58aec10a7b1b0a90f26a60 (diff)
download	pleroma-331cf6ada1e4df51b366c79126e094ee335dd684.tar.gz