hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

HttpSecurityPlug: Don't allow unsafe-eval by default

Browse source
This commit is contained in:
Lain Soykaf 2024-05-27 21:26:40 +04:00
commit 1c699144d2
5 changed files with 204 additions and 64 deletions
Download patch file Download diff file Expand all files Collapse all files

3
config/config.exs
View file

@ -519,7 +519,8 @@ config :pleroma, :http_security,
sts: false,
sts_max_age: 31_536_000,
ct_max_age: 2_592_000,
referrer_policy: "same-origin"
referrer_policy: "same-origin",
allow_unsafe_eval: false
config :cors_plug,
max_age: 86_400,