csp plug: add support for certificate transparency
This commit is contained in:
parent
331cf6ada1
commit
df72978dce
|
@ -179,7 +179,8 @@
|
||||||
config :pleroma, :csp,
|
config :pleroma, :csp,
|
||||||
enabled: true,
|
enabled: true,
|
||||||
sts: false,
|
sts: false,
|
||||||
sts_max_age: 31_536_000
|
sts_max_age: 31_536_000,
|
||||||
|
ct_max_age: 2_592_000
|
||||||
|
|
||||||
config :cors_plug,
|
config :cors_plug,
|
||||||
max_age: 86_400,
|
max_age: 86_400,
|
||||||
|
|
|
@ -85,3 +85,4 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i
|
||||||
* ``enabled``: Whether the managed content security policy is enabled
|
* ``enabled``: Whether the managed content security policy is enabled
|
||||||
* ``sts``: Whether to additionally send a `Strict-Transport-Security` header
|
* ``sts``: Whether to additionally send a `Strict-Transport-Security` header
|
||||||
* ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent
|
* ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent
|
||||||
|
* ``ct_max_age``: The maximum age for the `Except-CT` header if sent
|
||||||
|
|
|
@ -44,10 +44,12 @@ defp csp_string do
|
||||||
end
|
end
|
||||||
|
|
||||||
defp maybe_send_sts_header(conn, true) do
|
defp maybe_send_sts_header(conn, true) do
|
||||||
max_age = Config.get([:csp, :sts_max_age])
|
max_age_sts = Config.get([:csp, :sts_max_age])
|
||||||
|
max_age_ct = Config.get([:csp, :ct_max_age])
|
||||||
|
|
||||||
merge_resp_headers(conn, [
|
merge_resp_headers(conn, [
|
||||||
{"strict-transport-security", "max-age=#{max_age}; includeSubDomains"}
|
{"strict-transport-security", "max-age=#{max_age_sts}; includeSubDomains"},
|
||||||
|
{"expect-ct", "enforce, max-age=#{max_age_ct}"}
|
||||||
])
|
])
|
||||||
end
|
end
|
||||||
|
|
||||||
|
|
Loading…
Reference in New Issue