HTTP Security plug: make starting csp string generation more readable

This commit is contained in:
rinpatch 2020-05-29 12:32:48 +03:00
parent 29ff6d414b
commit 27180611df

View file

@ -49,17 +49,16 @@ defp headers do
end end
end end
@csp_start [ static_csp_rules = [
"default-src 'none'", "default-src 'none'",
"base-uri 'self'", "base-uri 'self'",
"frame-ancestors 'none'", "frame-ancestors 'none'",
"style-src 'self' 'unsafe-inline'", "style-src 'self' 'unsafe-inline'",
"font-src 'self'", "font-src 'self'",
"manifest-src 'self'" "manifest-src 'self'"
] ]
|> Enum.join(";")
|> Kernel.<>(";") @csp_start [Enum.join(static_csp_rules, ";") <> ";"]
|> List.wrap()
defp csp_string do defp csp_string do
scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme] scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]