forked from mirrors/akkoma
rename CSPPlug to HTTPSecurityPlug.
This commit is contained in:
parent
5dda13ee5f
commit
fe67665e19
|
@ -176,7 +176,7 @@
|
||||||
limit: 23,
|
limit: 23,
|
||||||
web: "https://vinayaka.distsn.org/?{{host}}+{{user}}"
|
web: "https://vinayaka.distsn.org/?{{host}}+{{user}}"
|
||||||
|
|
||||||
config :pleroma, :csp,
|
config :pleroma, :http_security,
|
||||||
enabled: true,
|
enabled: true,
|
||||||
sts: false,
|
sts: false,
|
||||||
sts_max_age: 31_536_000,
|
sts_max_age: 31_536_000,
|
||||||
|
|
|
@ -81,7 +81,7 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i
|
||||||
* ``outgoing_blocks``: Whether to federate blocks to other instances
|
* ``outgoing_blocks``: Whether to federate blocks to other instances
|
||||||
* ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question
|
* ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question
|
||||||
|
|
||||||
## :csp
|
## :http_security
|
||||||
* ``enabled``: Whether the managed content security policy is enabled
|
* ``enabled``: Whether the managed content security policy is enabled
|
||||||
* ``sts``: Whether to additionally send a `Strict-Transport-Security` header
|
* ``sts``: Whether to additionally send a `Strict-Transport-Security` header
|
||||||
* ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent
|
* ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent
|
||||||
|
|
|
@ -1,14 +1,14 @@
|
||||||
defmodule Pleroma.Plugs.CSPPlug do
|
defmodule Pleroma.Plugs.HTTPSecurityPlug do
|
||||||
alias Pleroma.Config
|
alias Pleroma.Config
|
||||||
import Plug.Conn
|
import Plug.Conn
|
||||||
|
|
||||||
def init(opts), do: opts
|
def init(opts), do: opts
|
||||||
|
|
||||||
def call(conn, options) do
|
def call(conn, options) do
|
||||||
if Config.get([:csp, :enabled]) do
|
if Config.get([:http_security, :enabled]) do
|
||||||
conn =
|
conn =
|
||||||
merge_resp_headers(conn, headers())
|
merge_resp_headers(conn, headers())
|
||||||
|> maybe_send_sts_header(Config.get([:csp, :sts]))
|
|> maybe_send_sts_header(Config.get([:http_security, :sts]))
|
||||||
else
|
else
|
||||||
conn
|
conn
|
||||||
end
|
end
|
||||||
|
@ -44,8 +44,8 @@ defp csp_string do
|
||||||
end
|
end
|
||||||
|
|
||||||
defp maybe_send_sts_header(conn, true) do
|
defp maybe_send_sts_header(conn, true) do
|
||||||
max_age_sts = Config.get([:csp, :sts_max_age])
|
max_age_sts = Config.get([:http_security, :sts_max_age])
|
||||||
max_age_ct = Config.get([:csp, :ct_max_age])
|
max_age_ct = Config.get([:http_security, :ct_max_age])
|
||||||
|
|
||||||
merge_resp_headers(conn, [
|
merge_resp_headers(conn, [
|
||||||
{"strict-transport-security", "max-age=#{max_age_sts}; includeSubDomains"},
|
{"strict-transport-security", "max-age=#{max_age_sts}; includeSubDomains"},
|
|
@ -12,7 +12,7 @@ defmodule Pleroma.Web.Endpoint do
|
||||||
# You should set gzip to true if you are running phoenix.digest
|
# You should set gzip to true if you are running phoenix.digest
|
||||||
# when deploying your static files in production.
|
# when deploying your static files in production.
|
||||||
plug(CORSPlug)
|
plug(CORSPlug)
|
||||||
plug(Pleroma.Plugs.CSPPlug)
|
plug(Pleroma.Plugs.HTTPSecurityPlug)
|
||||||
|
|
||||||
plug(Plug.Static, at: "/media", from: Pleroma.Uploaders.Local.upload_path(), gzip: false)
|
plug(Plug.Static, at: "/media", from: Pleroma.Uploaders.Local.upload_path(), gzip: false)
|
||||||
|
|
||||||
|
|
|
@ -1,10 +1,10 @@
|
||||||
defmodule Pleroma.Web.Plugs.CSPPlugTest do
|
defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
|
||||||
use Pleroma.Web.ConnCase
|
use Pleroma.Web.ConnCase
|
||||||
alias Pleroma.Config
|
alias Pleroma.Config
|
||||||
alias Plug.Conn
|
alias Plug.Conn
|
||||||
|
|
||||||
test "it sends CSP headers when enabled", %{conn: conn} do
|
test "it sends CSP headers when enabled", %{conn: conn} do
|
||||||
Config.put([:csp, :enabled], true)
|
Config.put([:http_security, :enabled], true)
|
||||||
|
|
||||||
conn =
|
conn =
|
||||||
conn
|
conn
|
||||||
|
@ -20,7 +20,7 @@ test "it sends CSP headers when enabled", %{conn: conn} do
|
||||||
end
|
end
|
||||||
|
|
||||||
test "it does not send CSP headers when disabled", %{conn: conn} do
|
test "it does not send CSP headers when disabled", %{conn: conn} do
|
||||||
Config.put([:csp, :enabled], false)
|
Config.put([:http_security, :enabled], false)
|
||||||
|
|
||||||
conn =
|
conn =
|
||||||
conn
|
conn
|
||||||
|
@ -36,8 +36,8 @@ test "it does not send CSP headers when disabled", %{conn: conn} do
|
||||||
end
|
end
|
||||||
|
|
||||||
test "it sends STS headers when enabled", %{conn: conn} do
|
test "it sends STS headers when enabled", %{conn: conn} do
|
||||||
Config.put([:csp, :enabled], true)
|
Config.put([:http_security, :enabled], true)
|
||||||
Config.put([:csp, :sts], true)
|
Config.put([:http_security, :sts], true)
|
||||||
|
|
||||||
conn =
|
conn =
|
||||||
conn
|
conn
|
||||||
|
@ -48,8 +48,8 @@ test "it sends STS headers when enabled", %{conn: conn} do
|
||||||
end
|
end
|
||||||
|
|
||||||
test "it does not send STS headers when disabled", %{conn: conn} do
|
test "it does not send STS headers when disabled", %{conn: conn} do
|
||||||
Config.put([:csp, :enabled], true)
|
Config.put([:http_security, :enabled], true)
|
||||||
Config.put([:csp, :sts], false)
|
Config.put([:http_security, :sts], false)
|
||||||
|
|
||||||
conn =
|
conn =
|
||||||
conn
|
conn
|
Loading…
Reference in a new issue