Merge branch 'service-worker-allowed-header' into 'develop'

Ability to set custom HTTP headers per each frontend See merge request pleroma/pleroma!3247
2021-01-26 18:14:01 +00:00 · 2021-01-26 18:14:01 +00:00 · d7af0294e6
commit d7af0294e6
parent e1eac4faac 7fcaa188a0
5 changed files with 51 additions and 3 deletions
--- a/lib/pleroma/web/plugs/http_security_plug.ex
+++ b/lib/pleroma/web/plugs/http_security_plug.ex
@ -20,9 +20,26 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
    end
  end

-  defp headers do
+  def primary_frontend do
+    with %{"name" => frontend} <- Config.get([:frontends, :primary]),
+         available <- Config.get([:frontends, :available]),
+         %{} = primary_frontend <- Map.get(available, frontend) do
+      {:ok, primary_frontend}
+    end
+  end
+
+  def custom_http_frontend_headers do
+    with {:ok, %{"custom-http-headers" => custom_headers}} <- primary_frontend() do
+      custom_headers
+    else
+      _ -> []
+    end
+  end
+
+  def headers do
    referrer_policy = Config.get([:http_security, :referrer_policy])
    report_uri = Config.get([:http_security, :report_uri])
+    custom_http_frontend_headers = custom_http_frontend_headers()

    headers = [
      {"x-xss-protection", "1; mode=block"},
@ -34,6 +51,13 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
      {"content-security-policy", csp_string()}
    ]

+    headers =
+      if custom_http_frontend_headers do
+        custom_http_frontend_headers ++ headers
+      else
+        headers
+      end
+
    if report_uri do
      report_group = %{
        "group" => "csp-endpoint",