1
0
mirror of https://git.pleroma.social/sjw/pleroma.git synced 2024-12-26 09:35:14 +01:00

Merge branch 'fix-csp-upgrade-insecure-requests-check' into 'develop'

Fix CSP check for 'upgrade-insecure-requests'

See merge request pleroma/pleroma!814
This commit is contained in:
Haelwenn 2019-02-12 02:44:23 +00:00
commit c71b3a1b12

View File

@ -33,7 +33,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
end
defp csp_string do
protocol = Config.get([Pleroma.Web.Endpoint, :protocol])
scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]
[
"default-src 'none'",
@ -46,7 +46,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
"script-src 'self'",
"connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
"manifest-src 'self'",
if protocol == "https" do
if scheme == "https" do
"upgrade-insecure-requests"
end
]