From: Mark Felder <feld@FreeBSD.org>
Date: Fri, 3 Jul 2020 22:06:20 +0000 (-0500)
Subject: Add Captcha endpoint to CSP headers when MediaProxy is enabled.
X-Git-Url: https://git.squeep.com/?a=commitdiff_plain;h=eaa59daa4c229bf47e30ac389563c82b11378e07;p=akkoma

Add Captcha endpoint to CSP headers when MediaProxy is enabled.

Our CSP rules are lax when MediaProxy enabled, but lenient otherwise.

This fixes broken captcha on instances not using MediaProxy.
---

diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 1420a9611..f7192ebfc 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -125,11 +125,19 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
       if Config.get([Pleroma.Upload, :uploader]) == Pleroma.Uploaders.S3,
         do: URI.parse(Config.get([Pleroma.Uploaders.S3, :public_endpoint])).host
 
+    captcha_method = Config.get([Pleroma.Captcha, :method])
+
+    captcha_endpoint =
+      if Config.get([Pleroma.Captcha, :enabled]) &&
+           captcha_method != "Pleroma.Captcha.Native",
+         do: Config.get([captcha_method, :endpoint])
+
     []
     |> add_source(media_proxy_base_url)
     |> add_source(upload_base_url)
     |> add_source(s3_endpoint)
     |> add_source(media_proxy_whitelist)
+    |> add_source(captcha_endpoint)
   end
 
   defp add_source(iodata, nil), do: iodata