hj/pleroma
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity

Merge branch 'fix/mediaproxy-bypass-emoji' into 'develop'

Browse source 
Fix profile emojis bypassing mediaproxy and harden CSP

Closes #1810

See merge request pleroma/pleroma!2596
This commit is contained in:
rinpatch 2020-05-29 09:46:31 +00:00
commit a51284b60a
3 changed files with 73 additions and 31 deletions
Download patch file Download diff file Expand all files Collapse all files

2
test/plugs/http_security_plug_test.exs
View file

@ -67,7 +67,7 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
[csp] = Conn.get_resp_header(conn, "content-security-policy")
assert csp =~ ~r|report-uri https://endpoint.com; report-to csp-endpoint;|
assert csp =~ ~r|report-uri https://endpoint.com;report-to csp-endpoint;|
[reply_to] = Conn.get_resp_header(conn, "reply-to")