projects
/
akkoma
/ blobdiff
commit
grep
author
committer
pickaxe
?
search:
re
summary
|
shortlog
|
log
|
commit
|
commitdiff
|
tree
raw
|
inline
| side by side
Merge branch 'dismiss-notification-on-follow-request-rejection' into 'develop'
[akkoma]
/
lib
/
pleroma
/
plugs
/
http_security_plug.ex
diff --git
a/lib/pleroma/plugs/http_security_plug.ex
b/lib/pleroma/plugs/http_security_plug.ex
index 0ba412699fcaa27cc1a33bc7611b7628568a4d81..6462797b635787d39160b192c80d857e462c1482 100644
(file)
--- a/
lib/pleroma/plugs/http_security_plug.ex
+++ b/
lib/pleroma/plugs/http_security_plug.ex
@@
-1,5
+1,5
@@
# Pleroma: A lightweight social networking server
# Pleroma: A lightweight social networking server
-# Copyright © 2017-20
19
Pleroma Authors <https://pleroma.social/>
+# Copyright © 2017-20
20
Pleroma Authors <https://pleroma.social/>
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Plugs.HTTPSecurityPlug do
# SPDX-License-Identifier: AGPL-3.0-only
defmodule Pleroma.Plugs.HTTPSecurityPlug do
@@
-75,7
+75,7
@@
defmodule Pleroma.Plugs.HTTPSecurityPlug do
"default-src 'none'",
"base-uri 'self'",
"frame-ancestors 'none'",
"default-src 'none'",
"base-uri 'self'",
"frame-ancestors 'none'",
- "img-src 'self' data: https:",
+ "img-src 'self' data:
blob:
https:",
"media-src 'self' https:",
"style-src 'self' 'unsafe-inline'",
"font-src 'self'",
"media-src 'self' https:",
"style-src 'self' 'unsafe-inline'",
"font-src 'self'",
@@
-129,8
+129,8
@@
defmodule Pleroma.Plugs.HTTPSecurityPlug do
izAotX7777777777777777777777777777777777777777Y7n92:
.;CoIIIIIUAA666666699999ZZZZZZZZZZZZZZZZZZZZ6ov.
izAotX7777777777777777777777777777777777777777Y7n92:
.;CoIIIIIUAA666666699999ZZZZZZZZZZZZZZZZZZZZ6ov.
-
-
HTTP Security is disabled. Add this line to your config to enable it
:
+HTTP Security is disabled. Please re-enable it to prevent users from attacking
+
your instance and your users via malicious posts
:
config :pleroma, :http_security, enabled: true
")
config :pleroma, :http_security, enabled: true
")