Fix CSP issues in production

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
Thomas Citharel
2021-01-26 16:39:50 +01:00
parent c596d7e478
commit e933004daf
4 changed files with 14 additions and 14 deletions


@@ -60,19 +60,14 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlug do
if Config.get(:env) == :dev do
"script-src 'self' 'unsafe-eval' 'unsafe-inline' "
else
"script-src 'self' "
"script-src 'self' 'unsafe-eval' 'sha256-4RS22DYeB7U14dra4KcQYxmwt5HkOInieXK1NUMBmQI=' "
end
script_src = [script_src] ++ Config.get([:http_security, :csp_policy, :script_src])
style_src =
if Config.get(:env) == :dev do
"style-src 'self' 'unsafe-inline' "
else
"style-src 'self' "
end
style_src = [style_src] ++ Config.get([:http_security, :csp_policy, :style_src])
["style-src 'self' 'unsafe-inline' "] ++
Config.get([:http_security, :csp_policy, :style_src])
font_src = ["font-src 'self' "] ++ Config.get([:http_security, :csp_policy, :font_src])
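Review bot: The production `script-src` on the new `else` branch carries `'unsafe-eval'` and a hard-coded `sha256-…` hash with no comment saying what needs either, and `style-src` now allows `'unsafe-inline'` in every environment instead of only in dev. Together these loosen the production policy considerably: eval-style sinks are permitted again, and injected inline styles are no longer blocked. The pinned hash will presumably stop matching as soon as the inline script it covers changes by a single byte, which shows up only as a CSP violation in the browser. I would add a comment above the branch such as `# 'unsafe-eval' required by <component, to be named>; the sha256 pins the inline script in <template, to be named>, so recompute it whenever that script changes`, and keep the dev/prod split for `style-src` unless production really needs inline styles. The enclosing function starts and ends outside this hunk, so how these lists are joined into the header is not visible here.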