update copyright years to 2019

[akkoma] / lib / pleroma / plugs / http_security_plug.ex

diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 84d6506e3abc6d662f2842e42e03757c41bae418..2a266c407fb8131b03e0e323d67446f61a112551 100644 (file)
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -1,14 +1,18 @@
+# Pleroma: A lightweight social networking server
+# Copyright © 2017-2019 Pleroma Authors <https://pleroma.social/>
+# SPDX-License-Identifier: AGPL-3.0-only
+
 defmodule Pleroma.Plugs.HTTPSecurityPlug do
   alias Pleroma.Config
   import Plug.Conn
 
   def init(opts), do: opts
 
-  def call(conn, options) do
+  def call(conn, _options) do
     if Config.get([:http_security, :enabled]) do
-      conn =
-        merge_resp_headers(conn, headers())
-        |> maybe_send_sts_header(Config.get([:http_security, :sts]))
+      conn
+      |> merge_resp_headers(headers())
+      |> maybe_send_sts_header(Config.get([:http_security, :sts]))
     else
       conn
     end
@@ -29,6 +33,8 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
   end
 
   defp csp_string do
+    protocol = Config.get([Pleroma.Web.Endpoint, :protocol])
+
     [
       "default-src 'none'",
       "base-uri 'self'",
@@ -40,7 +46,9 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
       "script-src 'self'",
       "connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
       "manifest-src 'self'",
-      "upgrade-insecure-requests"
+      if protocol == "https" do
+        "upgrade-insecure-requests"
+      end
     ]
     |> Enum.join("; ")
   end