X-Git-Url: http://git.squeep.com/?a=blobdiff_plain;f=lib%2Fpleroma%2Fplugs%2Fhttp_security_plug.ex;h=c363b193b8573fc290000c4b4ebc47882506bf3d;hb=9c672ecbb5d4477cd16d2139a2cb66d3923ac5c8;hp=7d65cf078605f9034bbdfb2fceae9be049c1c48e;hpb=5ea638757210c34b40fb568e537082b78f4118a6;p=akkoma

diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 7d65cf078..c363b193b 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -108,31 +108,48 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
     |> :erlang.iolist_to_binary()
   end
 
-  defp build_csp_multimedia_source_list do
-    media_proxy_whitelist =
-      Enum.reduce(Config.get([:media_proxy, :whitelist]), [], fn host, acc ->
-        add_source(acc, host)
-      end)
+  defp build_csp_from_whitelist([], acc), do: acc
 
-    media_proxy_base_url = build_csp_param(Config.get([:media_proxy, :base_url]))
+  defp build_csp_from_whitelist([last], acc) do
+    [build_csp_param_from_whitelist(last) | acc]
+  end
 
-    upload_base_url = build_csp_param(Config.get([Pleroma.Upload, :base_url]))
+  defp build_csp_from_whitelist([head | tail], acc) do
+    build_csp_from_whitelist(tail, [[?\s, build_csp_param_from_whitelist(head)] | acc])
+  end
 
-    s3_endpoint = build_csp_param(Config.get([Pleroma.Uploaders.S3, :public_endpoint]))
+  # TODO: use `build_csp_param/1` after removing support bare domains for media proxy whitelist
+  defp build_csp_param_from_whitelist("http" <> _ = url) do
+    build_csp_param(url)
+  end
 
-    captcha_method = Config.get([Pleroma.Captcha, :method])
+  defp build_csp_param_from_whitelist(url), do: url
 
-    captcha_endpoint = build_csp_param(Config.get([captcha_method, :endpoint]))
+  defp build_csp_multimedia_source_list do
+    media_proxy_whitelist =
+      [:media_proxy, :whitelist]
+      |> Config.get()
+      |> build_csp_from_whitelist([])
 
-    []
-    |> add_source(media_proxy_base_url)
-    |> add_source(upload_base_url)
-    |> add_source(s3_endpoint)
+    captcha_method = Config.get([Pleroma.Captcha, :method])
+    captcha_endpoint = Config.get([captcha_method, :endpoint])
+
+    base_endpoints =
+      [
+        [:media_proxy, :base_url],
+        [Pleroma.Upload, :base_url],
+        [Pleroma.Uploaders.S3, :public_endpoint]
+      ]
+      |> Enum.map(&Config.get/1)
+
+    [captcha_endpoint | base_endpoints]
+    |> Enum.map(&build_csp_param/1)
+    |> Enum.reduce([], &add_source(&2, &1))
     |> add_source(media_proxy_whitelist)
-    |> add_source(captcha_endpoint)
   end
 
   defp add_source(iodata, nil), do: iodata
+  defp add_source(iodata, []), do: iodata
   defp add_source(iodata, source), do: [[?\s, source] | iodata]
 
   defp add_csp_param(csp_iodata, nil), do: csp_iodata