From: FloatingGhost Date: Fri, 14 Apr 2023 15:36:40 +0000 (+0100) Subject: in dev, allow dev FE X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=a079ec3a3cdfd42d2cbd51c7698c2c87828e5778;p=akkoma in dev, allow dev FE --- diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex index b1f1ada94..570aeefff 100644 --- a/lib/pleroma/web/plugs/http_security_plug.ex +++ b/lib/pleroma/web/plugs/http_security_plug.ex @@ -8,6 +8,8 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do require Logger + @mix_env Mix.env() + def init(opts), do: opts def call(conn, _options) do @@ -114,7 +116,12 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do style_src = "style-src 'self' '#{nonce_tag}'" font_src = "font-src 'self'" - script_src = "script-src 'self' '#{nonce_tag}'" + script_src = "script-src 'self' '#{nonce_tag}' " + script_src = if @mix_env == :dev do + "script-src 'self' 'unsafe-eval' 'unsafe-inline'" + else + script_src + end report = if report_uri, do: ["report-uri ", report_uri, ";report-to csp-endpoint"] insecure = if scheme == "https", do: "upgrade-insecure-requests"