hamlab/mobilizon-frontend
2
0
Fork 0
Code Issues Pull Requests 1 Actions Packages Projects Releases Wiki Activity

Add CSP Policy for pictures

Browse Source 
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
This commit is contained in:
Thomas Citharel
2022-11-04 09:26:45 +01:00
parent f5e81fab3f
commit e97206077c
3 changed files with 23 additions and 6 deletions
Download Patch File Download Diff File Expand all files Collapse all files

9
lib/web/plugs/http_security_plug.ex
View File

@@ -9,8 +9,7 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlug do
"""
alias Mobilizon.Config
alias Mobilizon.Service.FrontEndAnalytics
alias Mobilizon.Service.GlobalSearch
alias Mobilizon.Service.{FrontEndAnalytics, GlobalSearch, Pictures}
import Plug.Conn
require Logger
@@ -142,7 +141,11 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlug do
config_policy = Keyword.get(options, type, Config.get([:http_security, :csp_policy, type]))
front_end_analytics_policy = [Keyword.get(FrontEndAnalytics.csp(), type, [])]
global_search_policy = [Keyword.get(GlobalSearch.service().csp(), type, [])]
pictures_policy = [Keyword.get(Pictures.service().csp(), type, [])]
Enum.join(config_policy ++ front_end_analytics_policy ++ global_search_policy, " ")
Enum.join(
config_policy ++ front_end_analytics_policy ++ global_search_policy ++ pictures_policy,
" "
)
end
end