HttpSecurityPlug: Don't allow unsafe-eval by default

author: Lain Soykaf <lain@lain.com> 2024-05-27 21:26:40 +0400
committer: Lain Soykaf <lain@lain.com> 2024-05-27 21:26:40 +0400
commit: 1c699144d23aa4a86ff8b6ebef7d760ce9e3a4e2 (patch)
tree: 215becaaca801c5917d90d2f59b0e90aae57e57d /config/config.exs
parent: 07b7a8d697344fbb82043599006fb2b4e03aa46d (diff)
download: pleroma-1c699144d23aa4a86ff8b6ebef7d760ce9e3a4e2.tar.gz
pleroma-1c699144d23aa4a86ff8b6ebef7d760ce9e3a4e2.zip
1 files changed, 2 insertions, 1 deletions
diff --git a/config/config.exs b/config/config.exs
index 4752bbbde..f861daf04 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -519,7 +519,8 @@ config :pleroma, :http_security,
   sts: false,
   sts_max_age: 31_536_000,
   ct_max_age: 2_592_000,
-  referrer_policy: "same-origin"
+  referrer_policy: "same-origin",
+  allow_unsafe_eval: false
 
 config :cors_plug,
   max_age: 86_400,
author	Lain Soykaf <lain@lain.com>	2024-05-27 21:26:40 +0400
committer	Lain Soykaf <lain@lain.com>	2024-05-27 21:26:40 +0400
commit	1c699144d23aa4a86ff8b6ebef7d760ce9e3a4e2 (patch)
tree	215becaaca801c5917d90d2f59b0e90aae57e57d /config/config.exs
parent	07b7a8d697344fbb82043599006fb2b4e03aa46d (diff)
download	pleroma-1c699144d23aa4a86ff8b6ebef7d760ce9e3a4e2.tar.gz pleroma-1c699144d23aa4a86ff8b6ebef7d760ce9e3a4e2.zip