X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fplugs%2Fhttp_security_plug.ex;h=8bc324f48ecbef8c5f5b4bfbeae07d83526743fb;hb=6302b407916fb75db3d728176eb5da605dfc8349;hp=485ddfbc72ef03263199aaa4d4abd6c16829daa1;hpb=ce47017c8927b8b2d31668d5e32e387d80739502;p=akkoma

diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 485ddfbc7..8bc324f48 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -6,6 +6,8 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
   alias Pleroma.Config
   import Plug.Conn
 
+  require Logger
+
   def init(opts), do: opts
 
   def call(conn, _options) do
@@ -56,14 +58,14 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
     connect_src = "connect-src 'self' #{static_url} #{websocket_url}"
 
     connect_src =
-      if Mix.env() == :dev do
+      if Pleroma.Config.get(:env) == :dev do
         connect_src <> " http://localhost:3035/"
       else
         connect_src
       end
 
     script_src =
-      if Mix.env() == :dev do
+      if Pleroma.Config.get(:env) == :dev do
         "script-src 'self' 'unsafe-eval'"
       else
         "script-src 'self'"
@@ -90,6 +92,15 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
     |> Enum.join("; ")
   end
 
+  def warn_if_disabled do
+    unless Config.get([:http_security, :enabled]) do
+      Logger.warn("HTTP Security is disabled. Add this line to you config to enable it:
+
+      config :pleroma, :http_security, enabled: true
+      ")
+    end
+  end
+
   defp maybe_send_sts_header(conn, true) do
     max_age_sts = Config.get([:http_security, :sts_max_age])
     max_age_ct = Config.get([:http_security, :ct_max_age])