Refactor CSP config by using Pleroma's HTTPSecurityPlug

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-01-25 15:55:52 +01:00
parent c5fd2e185b
commit e0e46a81e3
4 changed files with 143 additions and 9 deletions
--- a/lib/web/endpoint.ex
+++ b/lib/web/endpoint.ex
@@ -6,6 +6,7 @@ defmodule Mobilizon.Web.Endpoint do
  use Absinthe.Phoenix.Endpoint

  plug(Mobilizon.Web.Plugs.SetLocalePlug)
+  plug(Mobilizon.Web.Plugs.HTTPSecurityPlug)

  # For e2e tests
  if Application.get_env(:mobilizon, :sql_sandbox) do
@@ -75,4 +76,9 @@ defmodule Mobilizon.Web.Endpoint do
  )

  plug(Mobilizon.Web.Router)
+
+  @spec websocket_url :: String.t()
+  def websocket_url do
+    String.replace_leading(url(), "http", "ws")
+  end
 end