Rename function and clarify that CSP is only strict with MediaProxy enabled
authorMark Felder <feld@FreeBSD.org>
Fri, 3 Jul 2020 22:18:22 +0000 (17:18 -0500)
committerMark Felder <feld@FreeBSD.org>
Fri, 3 Jul 2020 22:18:22 +0000 (17:18 -0500)
lib/pleroma/plugs/http_security_plug.ex

index f7192ebfc5b98f01391500204365dc0570ffebdf..23a641fafe44bf5e23f18bcdd01b0d9835965f4f 100644 (file)
@@ -69,10 +69,11 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
     img_src = "img-src 'self' data: blob:"
     media_src = "media-src 'self'"
 
+    # Strict multimedia CSP enforcement only when MediaProxy is enabled
     {img_src, media_src} =
       if Config.get([:media_proxy, :enabled]) &&
            !Config.get([:media_proxy, :proxy_opts, :redirect_on_failure]) do
-        sources = get_proxy_and_attachment_sources()
+        sources = build_csp_multimedia_source_list()
         {[img_src, sources], [media_src, sources]}
       else
         {[img_src, " https:"], [media_src, " https:"]}
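Review bot: The comment added above the `{img_src, media_src} =` assignment names only MediaProxy being enabled, but the `if` also requires `[:media_proxy, :proxy_opts, :redirect_on_failure]` to be falsy. An instance with the proxy enabled and redirect-on-failure set therefore still takes the `else` branch, which appends ` https:` to both directives and so allows images and media from any HTTPS origin. I would spell out both conditions and the fallback: `# Strict img-src/media-src only when MediaProxy is enabled and redirect_on_failure is off;` followed by `# otherwise any https: origin is allowed for images and media.` The enclosing function starts and ends outside this hunk.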
@@ -107,7 +108,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
     |> :erlang.iolist_to_binary()
   end
 
-  defp get_proxy_and_attachment_sources do
+  defp build_csp_multimedia_source_list do
     media_proxy_whitelist =
       Enum.reduce(Config.get([:media_proxy, :whitelist]), [], fn host, acc ->
         add_source(acc, host)