Merge pull request 'Chores for 2022.11' (#266) from 2022-11-stable into develop
[akkoma] / lib / pleroma / web / plugs / http_security_plug.ex
index 3e8e931d1aca3325d414293ff02892cd97b697da..fc2f7b268926a7b676d6108af5171f5af3027c2f 100644 (file)
@@ -104,13 +104,12 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
         {[img_src, " https:"], [media_src, " https:"]}
       end
 
-    connect_src = ["connect-src 'self' blob: ", static_url, ?\s, websocket_url]
-
     connect_src =
-      if Config.get(:env) == :dev do
-        [connect_src, " http://localhost:3035/"]
+      if Config.get([:media_proxy, :enabled]) do
+        sources = build_csp_multimedia_source_list()
+        ["connect-src 'self' blob: ", static_url, ?\s, websocket_url, ?\s, sources]
       else
-        connect_src
+        ["connect-src 'self' blob: ", static_url, ?\s, websocket_url]
       end
 
     script_src =
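Review bot: The media-proxy branch of `connect_src` appends everything returned by `build_csp_multimedia_source_list()` to `connect-src`, which controls fetch/XHR/WebSocket destinations rather than passive image or media loads. Every host in that list therefore becomes an origin that page scripts may send requests to. The helper is defined outside this hunk, so confirm that it yields only explicit origins and never a bare scheme such as the `https:` fallback used for `img_src`/`media_src` just above. A comment on the branch would record that constraint, for example `# connect-src reuses the media source list; keep it to explicit origins`. The base list is also repeated in both branches; binding it once, `base = ["connect-src 'self' blob: ", static_url, ?\s, websocket_url]`, and returning `[base, ?\s, sources]` or `base` would stop the two copies drifting apart.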