Merge branch 'fix-csp-upgrade-insecure-requests-check' into 'develop'

Fix CSP check for 'upgrade-insecure-requests'

See merge request pleroma/pleroma!814

1 files changed, 2 insertions, 2 deletions

diff --git a/lib/pleroma/plugs/http_security_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 2a266c407..3c8e6a18f 100644
--- a/lib/pleroma/plugs/http_security_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -33,7 +33,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
   end
 
   defp csp_string do
-    protocol = Config.get([Pleroma.Web.Endpoint, :protocol])
+    scheme = Config.get([Pleroma.Web.Endpoint, :url])[:scheme]
 
     [
       "default-src 'none'",
@@ -46,7 +46,7 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
       "script-src 'self'",
       "connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
       "manifest-src 'self'",
-      if protocol == "https" do
+      if scheme == "https" do
         "upgrade-insecure-requests"
       end
     ]