author | lain <lain@soykaf.club> | 2021-03-02 19:54:30 +0000 |
---|---|---|
committer | lain <lain@soykaf.club> | 2021-03-02 19:54:30 +0000 |
commit | b221d77a6da07c684bdbc63ddf4500e0d7ffeae8 (patch) | |
tree | 0015c7c3ea57f7340fbf80fd230a5f5e1c548148 /lib/pleroma/web/plugs/http_security_plug.ex | |
parent | c2186a62d54043ea9638d33f80c7576aba9783e8 (diff) | |
parent | 0a589c887bd4215e7d443a34c194fd0a3bde8f72 (diff) |
Merge branch 'release/2.3.0' into 'stable'
Release/2.3.0
See merge request pleroma/pleroma!3354
Diffstat (limited to 'lib/pleroma/web/plugs/http_security_plug.ex')
-rw-r--r-- | lib/pleroma/web/plugs/http_security_plug.ex | 28 |
1 files changed, 26 insertions, 2 deletions
diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex
index 45aaf188e..0025b042a 100644
--- a/lib/pleroma/web/plugs/http_security_plug.ex
+++ b/lib/pleroma/web/plugs/http_security_plug.ex
@@ -1,5 +1,5 @@
 # Pleroma: A lightweight social networking server
-# Copyright © 2017-2020 Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-2021 Pleroma Authors <https://pleroma.social/>
 # SPDX-License-Identifier: AGPL-3.0-only
 defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
@@ -20,9 +20,26 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
 end
 end
- defp headers do
+ def primary_frontend do
+ with %{"name" => frontend} <- Config.get([:frontends, :primary]),
+ available <- Config.get([:frontends, :available]),
+ %{} = primary_frontend <- Map.get(available, frontend) do
+ {:ok, primary_frontend}
+ end
+ end
+
+ def custom_http_frontend_headers do
+ with {:ok, %{"custom-http-headers" => custom_headers}} <- primary_frontend() do
+ custom_headers
+ else
+ _ -> []
+ end
+ end
+
+ def headers do
 referrer_policy = Config.get([:http_security, :referrer_policy])
 report_uri = Config.get([:http_security, :report_uri])
+ custom_http_frontend_headers = custom_http_frontend_headers()
 headers = [
 {"x-xss-protection", "1; mode=block"},
@@ -34,6 +51,13 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
 {"content-security-policy", csp_string()}
 ]
+ headers =
+ if custom_http_frontend_headers do
+ custom_http_frontend_headers ++ headers
+ else
+ headers
+ end
+
 if report_uri do
 report_group = %{
 "group" => "csp-endpoint", |
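Review bot: In `primary_frontend/0` the clause `available <- Config.get([:frontends, :available])` matches any value, so an unset or non-map `:available` setting reaches `Map.get/2` and raises rather than falling through to the `[]` default in `custom_http_frontend_headers/0`. Because `headers/0` now calls this path each time it builds the header list, a configuration slip would presumably fail requests instead of just skipping the custom headers; matching the shape avoids that: `%{} = available <- Config.get([:frontends, :available]),`. The three functions are public after this change but have no `@doc` or `@spec`, and `primary_frontend/0` returns either `{:ok, map}` or the raw non-matching value, which deserves a line such as `@doc "Returns {:ok, config} for the primary frontend, or the value that failed to match."`.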
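Review bot: The frontend's `"custom-http-headers"` value is joined onto the security headers with `custom_http_frontend_headers ++ headers` without a shape check, so anything other than a list of `{name, value}` binary tuples either raises at `++` or passes malformed entries to the code that applies the list, which is outside this hunk. A guard in the helper would confine that: `with {:ok, %{"custom-http-headers" => custom_headers}} when is_list(custom_headers) <- primary_frontend() do`. The `if custom_http_frontend_headers do` test only reaches its `else` branch when the key is explicitly `nil` or `false`, since the helper returns `[]` (truthy) when nothing is configured; with the guard in place it reduces to `headers = custom_http_frontend_headers ++ headers`. Please also add a comment stating whether a frontend may override entries such as `content-security-policy`, because which value wins on a name clash depends on how the caller merges the list and that is not visible here. `headers/0` continues past the end of the hunk.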