1
0
Fork 0
forked from mirrors/akkoma

rename CSPPlug to HTTPSecurityPlug.

This commit is contained in:
William Pitcock 2018-11-12 15:08:02 +00:00
parent 5dda13ee5f
commit fe67665e19
5 changed files with 15 additions and 15 deletions

View file

@ -176,7 +176,7 @@
limit: 23, limit: 23,
web: "https://vinayaka.distsn.org/?{{host}}+{{user}}" web: "https://vinayaka.distsn.org/?{{host}}+{{user}}"
config :pleroma, :csp, config :pleroma, :http_security,
enabled: true, enabled: true,
sts: false, sts: false,
sts_max_age: 31_536_000, sts_max_age: 31_536_000,

View file

@ -81,7 +81,7 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i
* ``outgoing_blocks``: Whether to federate blocks to other instances * ``outgoing_blocks``: Whether to federate blocks to other instances
* ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question * ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question
## :csp ## :http_security
* ``enabled``: Whether the managed content security policy is enabled * ``enabled``: Whether the managed content security policy is enabled
* ``sts``: Whether to additionally send a `Strict-Transport-Security` header * ``sts``: Whether to additionally send a `Strict-Transport-Security` header
* ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent

View file

@ -1,14 +1,14 @@
defmodule Pleroma.Plugs.CSPPlug do defmodule Pleroma.Plugs.HTTPSecurityPlug do
alias Pleroma.Config alias Pleroma.Config
import Plug.Conn import Plug.Conn
def init(opts), do: opts def init(opts), do: opts
def call(conn, options) do def call(conn, options) do
if Config.get([:csp, :enabled]) do if Config.get([:http_security, :enabled]) do
conn = conn =
merge_resp_headers(conn, headers()) merge_resp_headers(conn, headers())
|> maybe_send_sts_header(Config.get([:csp, :sts])) |> maybe_send_sts_header(Config.get([:http_security, :sts]))
else else
conn conn
end end
@ -44,8 +44,8 @@ defp csp_string do
end end
defp maybe_send_sts_header(conn, true) do defp maybe_send_sts_header(conn, true) do
max_age_sts = Config.get([:csp, :sts_max_age]) max_age_sts = Config.get([:http_security, :sts_max_age])
max_age_ct = Config.get([:csp, :ct_max_age]) max_age_ct = Config.get([:http_security, :ct_max_age])
merge_resp_headers(conn, [ merge_resp_headers(conn, [
{"strict-transport-security", "max-age=#{max_age_sts}; includeSubDomains"}, {"strict-transport-security", "max-age=#{max_age_sts}; includeSubDomains"},

View file

@ -12,7 +12,7 @@ defmodule Pleroma.Web.Endpoint do
# You should set gzip to true if you are running phoenix.digest # You should set gzip to true if you are running phoenix.digest
# when deploying your static files in production. # when deploying your static files in production.
plug(CORSPlug) plug(CORSPlug)
plug(Pleroma.Plugs.CSPPlug) plug(Pleroma.Plugs.HTTPSecurityPlug)
plug(Plug.Static, at: "/media", from: Pleroma.Uploaders.Local.upload_path(), gzip: false) plug(Plug.Static, at: "/media", from: Pleroma.Uploaders.Local.upload_path(), gzip: false)

View file

@ -1,10 +1,10 @@
defmodule Pleroma.Web.Plugs.CSPPlugTest do defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
use Pleroma.Web.ConnCase use Pleroma.Web.ConnCase
alias Pleroma.Config alias Pleroma.Config
alias Plug.Conn alias Plug.Conn
test "it sends CSP headers when enabled", %{conn: conn} do test "it sends CSP headers when enabled", %{conn: conn} do
Config.put([:csp, :enabled], true) Config.put([:http_security, :enabled], true)
conn = conn =
conn conn
@ -20,7 +20,7 @@ test "it sends CSP headers when enabled", %{conn: conn} do
end end
test "it does not send CSP headers when disabled", %{conn: conn} do test "it does not send CSP headers when disabled", %{conn: conn} do
Config.put([:csp, :enabled], false) Config.put([:http_security, :enabled], false)
conn = conn =
conn conn
@ -36,8 +36,8 @@ test "it does not send CSP headers when disabled", %{conn: conn} do
end end
test "it sends STS headers when enabled", %{conn: conn} do test "it sends STS headers when enabled", %{conn: conn} do
Config.put([:csp, :enabled], true) Config.put([:http_security, :enabled], true)
Config.put([:csp, :sts], true) Config.put([:http_security, :sts], true)
conn = conn =
conn conn
@ -48,8 +48,8 @@ test "it sends STS headers when enabled", %{conn: conn} do
end end
test "it does not send STS headers when disabled", %{conn: conn} do test "it does not send STS headers when disabled", %{conn: conn} do
Config.put([:csp, :enabled], true) Config.put([:http_security, :enabled], true)
Config.put([:csp, :sts], false) Config.put([:http_security, :sts], false)
conn = conn =
conn conn