Rename function and clarify that CSP is only strict with MediaProxy enabled
This commit is contained in:
parent
eaa59daa4c
commit
e9a28078ad
1 changed files with 3 additions and 2 deletions
|
@ -69,10 +69,11 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
|
||||||
img_src = "img-src 'self' data: blob:"
|
img_src = "img-src 'self' data: blob:"
|
||||||
media_src = "media-src 'self'"
|
media_src = "media-src 'self'"
|
||||||
|
|
||||||
|
# Strict multimedia CSP enforcement only when MediaProxy is enabled
|
||||||
{img_src, media_src} =
|
{img_src, media_src} =
|
||||||
if Config.get([:media_proxy, :enabled]) &&
|
if Config.get([:media_proxy, :enabled]) &&
|
||||||
!Config.get([:media_proxy, :proxy_opts, :redirect_on_failure]) do
|
!Config.get([:media_proxy, :proxy_opts, :redirect_on_failure]) do
|
||||||
sources = get_proxy_and_attachment_sources()
|
sources = build_csp_multimedia_source_list()
|
||||||
{[img_src, sources], [media_src, sources]}
|
{[img_src, sources], [media_src, sources]}
|
||||||
else
|
else
|
||||||
{[img_src, " https:"], [media_src, " https:"]}
|
{[img_src, " https:"], [media_src, " https:"]}
|
||||||
|
@ -107,7 +108,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
|
||||||
|> :erlang.iolist_to_binary()
|
|> :erlang.iolist_to_binary()
|
||||||
end
|
end
|
||||||
|
|
||||||
defp get_proxy_and_attachment_sources do
|
defp build_csp_multimedia_source_list do
|
||||||
media_proxy_whitelist =
|
media_proxy_whitelist =
|
||||||
Enum.reduce(Config.get([:media_proxy, :whitelist]), [], fn host, acc ->
|
Enum.reduce(Config.get([:media_proxy, :whitelist]), [], fn host, acc ->
|
||||||
add_source(acc, host)
|
add_source(acc, host)
|
||||||
|
|
Loading…
Reference in a new issue