hamlab/mobilizon-frontend
2
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Fix GraphiQL CSP headers

Browse Source 
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel
2021-06-28 11:57:11 +02:00
parent 6d3a6f001f
commit bac2d3188c
2 changed files with 36 additions and 18 deletions
Download Patch File Download Diff File Expand all files Collapse all files

13
lib/web/router.ex
View File

@@ -9,6 +9,16 @@ defmodule Mobilizon.Web.Router do
plug(Mobilizon.Web.Auth.Pipeline)
end
pipeline :graphiql do
plug(Mobilizon.Web.Auth.Pipeline)
plug(Mobilizon.Web.Plugs.HTTPSecurityPlug,
script_src: ["cdn.jsdelivr.net"],
style_src: ["cdn.jsdelivr.net"],
font_src: ["cdn.jsdelivr.net"]
)
end
pipeline :host_meta do
plug(:accepts, ["xrd-xml"])
end
@@ -144,7 +154,8 @@ defmodule Mobilizon.Web.Router do
## MOBILIZON
scope "/graphiql" do
pipe_through(:graphql)
pipe_through(:graphiql)
forward("/", Absinthe.Plug.GraphiQL, schema: Mobilizon.GraphQL.Schema)
end