X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fplugs%2Fhttp_security_plug.ex;h=c363b193b8573fc290000c4b4ebc47882506bf3d;hb=9c672ecbb5d4477cd16d2139a2cb66d3923ac5c8;hp=3bf0b8ce72a641504c424ec93888a7f8184208be;hpb=af612bd006a2792e27f9b995c0c86e010cc77e6c;p=akkoma
diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 3bf0b8ce7..c363b193b 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -82,14 +82,14 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
 connect_src = ["connect-src 'self' blob: ", static_url, ?\s, websocket_url]
 connect_src =
- if Pleroma.Config.get(:env) == :dev do
+ if Config.get(:env) == :dev do
 [connect_src, " http://localhost:3035/"]
 else
 connect_src
 end
 script_src =
- if Pleroma.Config.get(:env) == :dev do
+ if Config.get(:env) == :dev do
 "script-src 'self' 'unsafe-eval'"
 else
 "script-src 'self'"
@@ -108,51 +108,61 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
 |> :erlang.iolist_to_binary()
 end
- defp build_csp_multimedia_source_list do
- media_proxy_whitelist =
- Enum.reduce(Config.get([:media_proxy, :whitelist]), [], fn host, acc ->
- add_source(acc, host)
- end)
+ defp build_csp_from_whitelist([], acc), do: acc
- media_proxy_base_url =
- if Config.get([:media_proxy, :base_url]),
- do: build_csp_param(Config.get([:media_proxy, :base_url]))
+ defp build_csp_from_whitelist([last], acc) do
+ [build_csp_param_from_whitelist(last) | acc]
+ end
- upload_base_url =
- if Config.get([Pleroma.Upload, :base_url]),
- do: build_csp_param(Config.get([Pleroma.Upload, :base_url]))
+ defp build_csp_from_whitelist([head | tail], acc) do
+ build_csp_from_whitelist(tail, [[?\s, build_csp_param_from_whitelist(head)] | acc])
+ end
- s3_endpoint =
- if Config.get([Pleroma.Upload, :uploader]) == Pleroma.Uploaders.S3,
- do: build_csp_param(Config.get([Pleroma.Uploaders.S3, :public_endpoint]))
+ # TODO: use `build_csp_param/1` after removing support bare domains for media proxy whitelist
+ defp build_csp_param_from_whitelist("http" <> _ = url) do
+ build_csp_param(url)
+ end
- captcha_method = Config.get([Pleroma.Captcha, :method])
+ defp build_csp_param_from_whitelist(url), do: url
- captcha_endpoint =
- if Config.get([Pleroma.Captcha, :enabled]) &&
- captcha_method != "Pleroma.Captcha.Native",
- do: build_csp_param(Config.get([captcha_method, :endpoint]))
+ defp build_csp_multimedia_source_list do
+ media_proxy_whitelist =
+ [:media_proxy, :whitelist]
+ |> Config.get()
+ |> build_csp_from_whitelist([])
- []
- |> add_source(media_proxy_base_url)
- |> add_source(upload_base_url)
- |> add_source(s3_endpoint)
+ captcha_method = Config.get([Pleroma.Captcha, :method])
+ captcha_endpoint = Config.get([captcha_method, :endpoint])
+
+ base_endpoints =
+ [
+ [:media_proxy, :base_url],
+ [Pleroma.Upload, :base_url],
+ [Pleroma.Uploaders.S3, :public_endpoint]
+ ]
+ |> Enum.map(&Config.get/1)
+
+ [captcha_endpoint | base_endpoints]
+ |> Enum.map(&build_csp_param/1)
+ |> Enum.reduce([], &add_source(&2, &1))
 |> add_source(media_proxy_whitelist)
- |> add_source(captcha_endpoint)
 end
 defp add_source(iodata, nil), do: iodata
+ defp add_source(iodata, []), do: iodata
 defp add_source(iodata, source), do: [[?\s, source] | iodata]
 defp add_csp_param(csp_iodata, nil), do: csp_iodata
 defp add_csp_param(csp_iodata, param), do: [[param, ?;] | csp_iodata]
+ defp build_csp_param(nil), do: nil
+
 defp build_csp_param(url) when is_binary(url) do
 %{host: host, scheme: scheme} = URI.parse(url)
 if scheme do
- scheme <> "://" <> host
+ [scheme, "://", host]
 end
 end
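Review bot: The rewritten `build_csp_multimedia_source_list` reads `[Pleroma.Uploaders.S3, :public_endpoint]` and `[captcha_method, :endpoint]` unconditionally, whereas the removed code added them only when the S3 uploader was selected and when captcha was enabled with a non-native method, so a leftover config value for an unused integration now becomes an allowed origin in the CSP. Because the policy is an allowlist, I would keep those guards, e.g. `s3_endpoint = if Config.get([Pleroma.Upload, :uploader]) == Pleroma.Uploaders.S3, do: Config.get([Pleroma.Uploaders.S3, :public_endpoint])`, and gate the captcha endpoint on `Config.get([Pleroma.Captcha, :enabled])` in the same way. Separately, `build_csp_param_from_whitelist("http" <> _ = url)` also matches a bare domain that merely begins with "http"; `URI.parse/1` should report no scheme for it, `build_csp_param/1` then returns `nil`, and that `nil` sits inside the whitelist iodata where `add_source/2` does not filter it. Matching `"http://" <> _` and `"https://" <> _` instead would avoid that; the function that turns this list into the final header lies outside the hunk, so the exact failure mode should be confirmed there.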