Allow expires_at in filter requests

[akkoma] / lib / pleroma / web / plugs / http_security_plug.ex

diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex
index 6593347caf2a6d8281e701fccaea64bcbca7c0f8..6841b13aa35caeee7bbff998bd27832ba1836a20 100644 (file)
--- a/lib/pleroma/web/plugs/http_security_plug.ex
+++ b/lib/pleroma/web/plugs/http_security_plug.ex
@@ -106,20 +106,17 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
     connect_src =
       if Config.get([:media_proxy, :enabled]) do
         sources = build_csp_multimedia_source_list()
-        ["connect-src 'self' blob: ", static_url, ?\s, websocket_url, ?\s, sources]
+        ["connect-src 'self' ", static_url, ?\s, websocket_url, ?\s, sources]
       else
-        ["connect-src 'self' blob: ", static_url, ?\s, websocket_url]
+        ["connect-src 'self' ", static_url, ?\s, websocket_url]
       end
 
     style_src = "style-src 'self' '#{nonce_tag}'"
-    font_src = "font-src 'self' '#{nonce_tag}' data:"
+    font_src = "font-src 'self'"
 
-    script_src =
-      if Config.get(:env) == :dev do
-        "script-src 'self' 'unsafe-eval' '#{nonce_tag}'"
-      else
-        "script-src 'self' '#{nonce_tag}'"
-      end
+    script_src = "script-src 'self' '#{nonce_tag}'"
+
+    script_src = if Mix.env() == :dev, do: [script_src, " 'unsafe-eval'"], else: script_src
 
     report = if report_uri, do: ["report-uri ", report_uri, ";report-to csp-endpoint"]
     insecure = if scheme == "https", do: "upgrade-insecure-requests"