author | Mark Felder <feld@FreeBSD.org> | 2020-07-03 17:18:22 -0500 |
---|---|---|
committer | Mark Felder <feld@FreeBSD.org> | 2020-07-03 17:18:22 -0500 |
commit | e9a28078ad969204faae600df3ddff8e75ed2f8a (patch) | |
tree | e00ded9dfe6a5f3f3c5a5378ddb168a30540c2b4 /lib | |
parent | eaa59daa4c229bf47e30ac389563c82b11378e07 (diff) | |
download | pleroma-e9a28078ad969204faae600df3ddff8e75ed2f8a.tar.gz |
Rename function and clarify that CSP is only strict with MediaProxy enabled
Diffstat (limited to 'lib')
-rw-r--r-- | lib/pleroma/plugs/http_security_plug.ex | 5 |
1 files changed, 3 insertions, 2 deletions
diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index f7192ebfc..23a641faf 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -69,10 +69,11 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
 img_src = "img-src 'self' data: blob:"
 media_src = "media-src 'self'"
+ # Strict multimedia CSP enforcement only when MediaProxy is enabled
 {img_src, media_src} =
 if Config.get([:media_proxy, :enabled]) &&
 !Config.get([:media_proxy, :proxy_opts, :redirect_on_failure]) do
- sources = get_proxy_and_attachment_sources()
+ sources = build_csp_multimedia_source_list()
 {[img_src, sources], [media_src, sources]}
 else
 {[img_src, " https:"], [media_src, " https:"]}
@@ -107,7 +108,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
 |> :erlang.iolist_to_binary()
 end
- defp get_proxy_and_attachment_sources do
+ defp build_csp_multimedia_source_list do
 media_proxy_whitelist =
 Enum.reduce(Config.get([:media_proxy, :whitelist]), [], fn host, acc ->
 add_source(acc, host) |
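Review bot: The comment added above `{img_src, media_src} =` in the first hunk understates the condition it documents. The strict source list is chosen only when `[:media_proxy, :enabled]` is set and `[:media_proxy, :proxy_opts, :redirect_on_failure]` is not, so an instance that runs MediaProxy with redirect-on-failure turned on still falls through to the `" https:"` branch for both img-src and media-src. An operator reading the comment could assume that enabling MediaProxy alone tightens the policy. I would word it `# Strict multimedia CSP only when MediaProxy is enabled and redirect_on_failure is off; otherwise any https: source is allowed`. The enclosing function starts and ends outside the hunk.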