HttpSecurityPlug: Don't allow unsafe-eval by default

Lain Soykaf 2024-05-27 21:26:40 +04:00
commit 1c699144d2
5 changed files with 204 additions and 64 deletions


@ -519,7 +519,8 @@ config :pleroma, :http_security,
sts: false,
sts_max_age: 31_536_000,
ct_max_age: 2_592_000,
referrer_policy: "same-origin"
referrer_policy: "same-origin",
allow_unsafe_eval: false
config :cors_plug,
max_age: 86_400,
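Review bot: The new `allow_unsafe_eval: false` key is added to the `:http_security` defaults with no comment saying what it controls or when an operator may need to change it. Going by the commit title, it gates `'unsafe-eval'` in the Content-Security-Policy emitted by HTTPSecurityPlug, so a frontend that relies on `eval()` would stop working after upgrade with only a browser-console CSP violation to show for it. I would put a comment above the key, e.g. `# When true, HTTPSecurityPlug permits 'unsafe-eval' in the CSP; keep false unless an installed frontend requires eval()`. The changelog and configuration docs should also record the default change, if they are not already among the three changed files outside this view. The `config :pleroma, :http_security` block starts above the hunk, so I cannot see whether the other keys carry comments.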


@ -154,6 +154,7 @@ config :pleroma, Pleroma.Upload, config_impl: Pleroma.UnstubbedConfigMock
config :pleroma, Pleroma.ScheduledActivity, config_impl: Pleroma.UnstubbedConfigMock
config :pleroma, Pleroma.Web.RichMedia.Helpers, config_impl: Pleroma.StaticStubbedConfigMock
config :pleroma, Pleroma.Uploaders.IPFS, config_impl: Pleroma.UnstubbedConfigMock
config :pleroma, Pleroma.Web.Plugs.HTTPSecurityPlug, config_impl: Pleroma.UnstubbedConfigMock
peer_module =
if String.to_integer(System.otp_release()) >= 25 do