end
end
- defp headers do
+ def primary_frontend do
+ with %{"name" => frontend} <- Config.get([:frontends, :primary]),
+ available <- Config.get([:frontends, :available]),
+ %{} = primary_frontend <- Map.get(available, frontend) do
+ {:ok, primary_frontend}
+ end
+ end
+
+ def custom_http_frontend_headers do
+ with {:ok, %{"custom-http-headers" => custom_headers}} <- primary_frontend() do
+ custom_headers
+ else
+ _ -> []
+ end
+ end
+
+ def headers do
referrer_policy = Config.get([:http_security, :referrer_policy])
report_uri = Config.get([:http_security, :report_uri])
- service_worker_allowed = Config.get([:http_security, :service_worker_allowed])
+ custom_http_frontend_headers = custom_http_frontend_headers()
headers = [
{"x-xss-protection", "1; mode=block"},
{"x-content-type-options", "nosniff"},
{"referrer-policy", referrer_policy},
{"x-download-options", "noopen"},
- {"content-security-policy", csp_string()}
+ {"content-security-policy", csp_string()},
+ {"permissions-policy", "interest-cohort=()"}
]
headers =
- if service_worker_allowed do
- [{"service-worker-allowed", service_worker_allowed} | headers]
+ if custom_http_frontend_headers do
+ custom_http_frontend_headers ++ headers
else
headers
end
]
}
- [{"reply-to", Jason.encode!(report_group)} | headers]
+ [{"report-to", Jason.encode!(report_group)} | headers]
else
headers
end
{[img_src, " https:"], [media_src, " https:"]}
end
- connect_src = ["connect-src 'self' blob: ", static_url, ?\s, websocket_url]
-
connect_src =
- if Config.get(:env) == :dev do
- [connect_src, " http://localhost:3035/"]
+ if Config.get([:media_proxy, :enabled]) do
+ sources = build_csp_multimedia_source_list()
+ ["connect-src 'self' blob: ", static_url, ?\s, websocket_url, ?\s, sources]
else
- connect_src
+ ["connect-src 'self' blob: ", static_url, ?\s, websocket_url]
end
script_src =
projects / akkoma / blobdiff