Plugs.HTTPSecurityPlug: Add unsafe-eval to script-src when in dev mode
This is needed to run dev mode mastofe at the same time
This commit is contained in:
parent
71ce564ecc
commit
00e8f0b07d
|
@ -43,9 +43,11 @@ defp csp_string do
|
||||||
"media-src 'self' https:",
|
"media-src 'self' https:",
|
||||||
"style-src 'self' 'unsafe-inline'",
|
"style-src 'self' 'unsafe-inline'",
|
||||||
"font-src 'self'",
|
"font-src 'self'",
|
||||||
"script-src 'self'",
|
|
||||||
"connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
|
"connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
|
||||||
"manifest-src 'self'",
|
"manifest-src 'self'",
|
||||||
|
if Mix.env() == :dev do
|
||||||
|
"script-src 'self' 'unsafe-eval'"
|
||||||
|
end,
|
||||||
if scheme == "https" do
|
if scheme == "https" do
|
||||||
"upgrade-insecure-requests"
|
"upgrade-insecure-requests"
|
||||||
end
|
end
|
||||||
|
|
Loading…
Reference in New Issue