hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Ability to set the Service-Worker-Allowed header

Browse source
This commit is contained in:
eugenijm 2021-01-08 12:06:04 +03:00
commit 133644dfa2
4 changed files with 25 additions and 1 deletions
Download patch file Download diff file Expand all files Collapse all files

8
lib/pleroma/web/plugs/http_security_plug.ex
View file

@ -23,6 +23,7 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
defp headers do
referrer_policy = Config.get([:http_security, :referrer_policy])
report_uri = Config.get([:http_security, :report_uri])
service_worker_allowed = Config.get([:http_security, :service_worker_allowed])
headers = [
{"x-xss-protection", "1; mode=block"},
@ -34,6 +35,13 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
{"content-security-policy", csp_string()}
]
headers =
if service_worker_allowed do
[{"service-worker-allowed", service_worker_allowed} | headers]
else
headers
end
if report_uri do
report_group = %{
"group" => "csp-endpoint",