diff options
| author | Henry Jameson <me@hjkos.com> | 2023-05-07 15:34:17 +0300 |
|---|---|---|
| committer | Henry Jameson <me@hjkos.com> | 2023-05-07 15:34:17 +0300 |
| commit | 2a07411b0cb14ea26966659605d95074b02a8538 (patch) | |
| tree | c2c13fc0ffdb664201f2d30f309a71d5ecfe1f00 | |
| parent | f50fd9278fd36e6bd3ae36bb7f5033d9fd8a84ac (diff) | |
| download | pleroma-2a07411b0cb14ea26966659605d95074b02a8538.tar.gz pleroma-2a07411b0cb14ea26966659605d95074b02a8538.zip | |
keep the websocket url for all modes
| -rw-r--r-- | lib/pleroma/web/plugs/http_security_plug.ex | 4 |
1 files changed, 2 insertions, 2 deletions
diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex index b189d5bfd..b3dc8a3a6 100644 --- a/lib/pleroma/web/plugs/http_security_plug.ex +++ b/lib/pleroma/web/plugs/http_security_plug.ex @@ -93,7 +93,7 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do img_src = "img-src 'self' data: blob:" media_src = "media-src 'self'" - connect_src = "connect-src 'self' blob:" + connect_src = ["connect-src 'self' blob: ", ?\s, websocket_url] # Strict multimedia CSP enforcement only when MediaProxy is enabled {img_src, media_src, connect_src} = @@ -103,7 +103,7 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do { [img_src, sources], [media_src, sources], - [connect_src, sources, ?\s, websocket_url] + [connect_src, sources] } else { |