HTTP Security plug: make starting csp string generation more readable
This commit is contained in:
parent
29ff6d414b
commit
27180611df
|
@ -49,17 +49,16 @@ defp headers do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
@csp_start [
|
static_csp_rules = [
|
||||||
"default-src 'none'",
|
"default-src 'none'",
|
||||||
"base-uri 'self'",
|
"base-uri 'self'",
|
||||||
"frame-ancestors 'none'",
|
"frame-ancestors 'none'",
|
||||||
"style-src 'self' 'unsafe-inline'",
|
"style-src 'self' 'unsafe-inline'",
|
||||||
"font-src 'self'",
|
"font-src 'self'",
|
||||||
"manifest-src 'self'"
|
"manifest-src 'self'"
|
||||||
]
|
]
|
||||||
|> Enum.join(";")
|
|
||||||
|> Kernel.<>(";")
|
@csp_start [Enum.join(static_csp_rules, ";") <> ";"]
|
||||||
|> List.wrap()
|
|
||||||
|
|
||||||
defp csp_string do
|
defp csp_string do
|
||||||
scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]
|
scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]
|
||||||
|
|
Loading…
Reference in New Issue