From: feld Date: Thu, 11 Jun 2020 16:18:06 +0000 (+0000) Subject: Merge branch 'fix/csp-mediaproxy-base-url' into 'develop' X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=90676bdfe3df526fe9596c25ad63d59fc602eb7a;p=akkoma Merge branch 'fix/csp-mediaproxy-base-url' into 'develop' HTTP security plug: add media proxy base url host to csp See merge request pleroma/pleroma!2638 --- diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex index 589072535..cad0ad4a0 100644 --- a/lib/pleroma/plugs/http_security_plug.ex +++ b/lib/pleroma/plugs/http_security_plug.ex @@ -113,6 +113,10 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do add_source(acc, host) end) + media_proxy_base_url = + if Config.get([:media_proxy, :base_url]), + do: URI.parse(Config.get([:media_proxy, :base_url])).host + upload_base_url = if Config.get([Pleroma.Upload, :base_url]), do: URI.parse(Config.get([Pleroma.Upload, :base_url])).host @@ -122,6 +126,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do do: URI.parse(Config.get([Pleroma.Uploaders.S3, :public_endpoint])).host [] + |> add_source(media_proxy_base_url) |> add_source(upload_base_url) |> add_source(s3_endpoint) |> add_source(media_proxy_whitelist)