in dev, allow dev FE
This commit is contained in:
parent
1b2c24a19e
commit
a079ec3a3c
|
@ -8,6 +8,8 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
|
|||
|
||||
require Logger
|
||||
|
||||
@mix_env Mix.env()
|
||||
|
||||
def init(opts), do: opts
|
||||
|
||||
def call(conn, _options) do
|
||||
|
@ -114,7 +116,12 @@ defp csp_string(conn) do
|
|||
style_src = "style-src 'self' '#{nonce_tag}'"
|
||||
font_src = "font-src 'self'"
|
||||
|
||||
script_src = "script-src 'self' '#{nonce_tag}'"
|
||||
script_src = "script-src 'self' '#{nonce_tag}' "
|
||||
script_src = if @mix_env == :dev do
|
||||
"script-src 'self' 'unsafe-eval' 'unsafe-inline'"
|
||||
else
|
||||
script_src
|
||||
end
|
||||
|
||||
report = if report_uri, do: ["report-uri ", report_uri, ";report-to csp-endpoint"]
|
||||
insecure = if scheme == "https", do: "upgrade-insecure-requests"
|
||||
|
|
Loading…
Reference in a new issue