a1batross
/
pleroma
1
0
Fork 0
Code Issues 1 Pull Requests Releases Wiki Activity

Add Captcha endpoint to CSP headers when MediaProxy is enabled. 

Our CSP rules are lax when MediaProxy enabled, but lenient otherwise.

This fixes broken captcha on instances not using MediaProxy.
This commit is contained in:
Mark Felder 2020-07-03 17:06:20 -05:00
parent c2a052a346
commit eaa59daa4c
1 changed files with 8 additions and 0 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

8
lib/pleroma/plugs/http_security_plug.ex
View File

@ -125,11 +125,19 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
if Config.get([Pleroma.Upload, :uploader]) == Pleroma.Uploaders.S3, if Config.get([Pleroma.Upload, :uploader]) == Pleroma.Uploaders.S3,
do: URI.parse(Config.get([Pleroma.Uploaders.S3, :public_endpoint])).host do: URI.parse(Config.get([Pleroma.Uploaders.S3, :public_endpoint])).host
captcha_method = Config.get([Pleroma.Captcha, :method])
captcha_endpoint =
if Config.get([Pleroma.Captcha, :enabled]) &&
captcha_method != "Pleroma.Captcha.Native",
do: Config.get([captcha_method, :endpoint])
[] []
|> add_source(media_proxy_base_url) |> add_source(media_proxy_base_url)
|> add_source(upload_base_url) |> add_source(upload_base_url)
|> add_source(s3_endpoint) |> add_source(s3_endpoint)
|> add_source(media_proxy_whitelist) |> add_source(media_proxy_whitelist)
|> add_source(captcha_endpoint)
end end
defp add_source(iodata, nil), do: iodata defp add_source(iodata, nil), do: iodata