config: add default parameters for CSPPlug

diff --git a/config/config.exs b/config/config.exs
index e82c490e3ae5d99d698d44de94536bf0e53d8a18..ad8653025fd3c6a541488f76b213cf0f5bcc17bf 100644 (file)
--- a/config/config.exs
+++ b/config/config.exs
@@ -176,6 +176,11 @@ config :pleroma, :suggestions,
   limit: 23,
   web: "https://vinayaka.distsn.org/?{{host}}+{{user}}"
 
+config :pleroma, :csp,
+  enabled: true,
+  sts: false,
+  sts_max_age: 31_536_000
+
 config :cors_plug,
   max_age: 86_400,
   methods: ["POST", "PUT", "DELETE", "GET", "PATCH", "OPTIONS"],

diff --git a/config/config.md b/config/config.md
index 51172fc4dc33ee5b73598fc38f4363100f66dbc6..e08d206b65962a4d16f3caf55171b1e7cb33dfaf 100644 (file)
--- a/config/config.md
+++ b/config/config.md
@@ -80,3 +80,8 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i
 * ``unfollow_blocked``: Whether blocks result in people getting unfollowed
 * ``outgoing_blocks``: Whether to federate blocks to other instances
 * ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question
+
+## :csp
+* ``enabled``: Whether the managed content security policy is enabled
+* ``sts``: Whether to additionally send a `Strict-Transport-Security` header
+* ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent