HTTP Security plug: make starting csp string generation more readable

This commit is contained in:
rinpatch 2020-05-29 12:32:48 +03:00
parent 29ff6d414b
commit 27180611df
1 changed files with 10 additions and 11 deletions

View File

@ -49,17 +49,16 @@ defp headers do
end
end
@csp_start [
"default-src 'none'",
"base-uri 'self'",
"frame-ancestors 'none'",
"style-src 'self' 'unsafe-inline'",
"font-src 'self'",
"manifest-src 'self'"
]
|> Enum.join(";")
|> Kernel.<>(";")
|> List.wrap()
static_csp_rules = [
"default-src 'none'",
"base-uri 'self'",
"frame-ancestors 'none'",
"style-src 'self' 'unsafe-inline'",
"font-src 'self'",
"manifest-src 'self'"
]
@csp_start [Enum.join(static_csp_rules, ";") <> ";"]
defp csp_string do
scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]