summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
authorfeld <feld@feld.me>2022-11-17 17:29:36 +0000
committerfeld <feld@feld.me>2022-11-17 17:29:36 +0000
commitbb63f72c114a8d3832ff0f24576dcc10c26fd780 (patch)
treeb84249d1dbf696f34fb1ec1d4d0164f6d854ee73
parent0e1356ef9cc8c97afcc3242cfb8182a706c85276 (diff)
parentcddcafee7f69fc832b18a66a78a7d47692553ae5 (diff)
Merge branch 'flash-support-csp' into 'develop'
Reduce CSP policy to make Ruffle work on chrome See merge request pleroma/pleroma!3389
Diffstat
-rw-r--r--CHANGELOG.md1
-rw-r--r--lib/pleroma/web/plugs/http_security_plug.ex2
2 files changed, 2 insertions, 1 deletions
diff --git a/CHANGELOG.md b/CHANGELOG.md
index 56f328234..66d01e005 100644
--- a/CHANGELOG.md
+++ b/CHANGELOG.md
@@ -18,6 +18,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/).
- Updated the recommended pleroma.vcl configuration for Varnish to target Varnish 7.0+
- Set timeout values for Oban queues. The default is infinity and some operations may not time out on their own.
- Delete activities are federated at lowest priority
+- CSP now includes wasm-unsafe-eval
### Added
- `activeMonth` and `activeHalfyear` fields in NodeInfo usage.users object
diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex
index cd1bae235..34895c8d5 100644
--- a/lib/pleroma/web/plugs/http_security_plug.ex
+++ b/lib/pleroma/web/plugs/http_security_plug.ex
@@ -117,7 +117,7 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
if Config.get(:env) == :dev do
"script-src 'self' 'unsafe-eval'"
else
- "script-src 'self'"
+ "script-src 'self' 'wasm-unsafe-eval'"
end
report = if report_uri, do: ["report-uri ", report_uri, ";report-to csp-endpoint"]
generated by cgit v1.2.3 (git 2.44.0) at 2024-05-06 14:18:49 +0000