From ea1058929c4dd569c00864f5292ec0a689acd1c6 Mon Sep 17 00:00:00 2001 From: shibayashi Date: Tue, 12 Feb 2019 00:08:52 +0100 Subject: [PATCH] Use url[:scheme] instead of protocol to determine if https is enabled --- lib/pleroma/plugs/http_security_plug.ex | 4 ++-- 1 file changed, 2 insertions(+), 2 deletions(-) diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex index 2a266c407..3c8e6a18f 100644 --- a/lib/pleroma/plugs/http_security_plug.ex +++ b/lib/pleroma/plugs/http_security_plug.ex @@ -33,7 +33,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do end defp csp_string do - protocol = Config.get([Pleroma.Web.Endpoint, :protocol]) + scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme] [ "default-src 'none'", @@ -46,7 +46,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do "script-src 'self'", "connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"), "manifest-src 'self'", - if protocol == "https" do + if scheme == "https" do "upgrade-insecure-requests" end ] -- 2.45.2