sjw
/
pleroma
mirror of https://git.pleroma.social/sjw/pleroma.git
1
0
Fork 0
Code Issues Releases Wiki Activity

Plugs.HTTPSecurityPlug: Add unsafe-eval to script-src when in dev mode 

This is needed to run dev mode mastofe at the same time
This commit is contained in:
Haelwenn (lanodan) Monnier 2019-02-01 13:10:50 +01:00
parent 71ce564ecc
commit 00e8f0b07d
No known key found for this signature in database
GPG Key ID: D5B7A8E43C997DEE
1 changed files with 3 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

4
lib/pleroma/plugs/http_security_plug.ex
View File

@ -43,9 +43,11 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
"media-src 'self' https:",
"style-src 'self' 'unsafe-inline'",
"font-src 'self'",
"script-src 'self'",
"connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
"manifest-src 'self'",
if Mix.env() == :dev do
"script-src 'self' 'unsafe-eval'"
end,
if scheme == "https" do
"upgrade-insecure-requests"
end