summaryrefslogtreecommitdiff
diff options
context:
space:
mode:
Diffstat
-rw-r--r--config/config.exs2
-rw-r--r--config/config.md2
-rw-r--r--lib/pleroma/plugs/http_security_plug.ex (renamed from lib/pleroma/plugs/csp_plug.ex)10
-rw-r--r--lib/pleroma/web/endpoint.ex2
-rw-r--r--test/plugs/http_security_plug_test.exs (renamed from test/plugs/csp_plug_test.exs)14
5 files changed, 15 insertions, 15 deletions
diff --git a/config/config.exs b/config/config.exs
index 1d918919d..be9c03ceb 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -176,7 +176,7 @@ config :pleroma, :suggestions,
limit: 23,
web: "https://vinayaka.distsn.org/?{{host}}+{{user}}"
-config :pleroma, :csp,
+config :pleroma, :http_security,
enabled: true,
sts: false,
sts_max_age: 31_536_000,
diff --git a/config/config.md b/config/config.md
index 446b0ce67..48af1c236 100644
--- a/config/config.md
+++ b/config/config.md
@@ -81,7 +81,7 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i
* ``outgoing_blocks``: Whether to federate blocks to other instances
* ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question
-## :csp
+## :http_security
* ``enabled``: Whether the managed content security policy is enabled
* ``sts``: Whether to additionally send a `Strict-Transport-Security` header
* ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent
diff --git a/lib/pleroma/plugs/csp_plug.ex b/lib/pleroma/plugs/http_security_plug.ex
index 8fc21b909..8d652a2f3 100644
--- a/lib/pleroma/plugs/csp_plug.ex
+++ b/lib/pleroma/plugs/http_security_plug.ex
@@ -1,14 +1,14 @@
-defmodule Pleroma.Plugs.CSPPlug do
+defmodule Pleroma.Plugs.HTTPSecurityPlug do
alias Pleroma.Config
import Plug.Conn
def init(opts), do: opts
def call(conn, options) do
- if Config.get([:csp, :enabled]) do
+ if Config.get([:http_security, :enabled]) do
conn =
merge_resp_headers(conn, headers())
- |> maybe_send_sts_header(Config.get([:csp, :sts]))
+ |> maybe_send_sts_header(Config.get([:http_security, :sts]))
else
conn
end
@@ -44,8 +44,8 @@ defmodule Pleroma.Plugs.CSPPlug do
end
defp maybe_send_sts_header(conn, true) do
- max_age_sts = Config.get([:csp, :sts_max_age])
- max_age_ct = Config.get([:csp, :ct_max_age])
+ max_age_sts = Config.get([:http_security, :sts_max_age])
+ max_age_ct = Config.get([:http_security, :ct_max_age])
merge_resp_headers(conn, [
{"strict-transport-security", "max-age=#{max_age_sts}; includeSubDomains"},
diff --git a/lib/pleroma/web/endpoint.ex b/lib/pleroma/web/endpoint.ex
index 370d2d792..7783b8e5c 100644
--- a/lib/pleroma/web/endpoint.ex
+++ b/lib/pleroma/web/endpoint.ex
@@ -12,7 +12,7 @@ defmodule Pleroma.Web.Endpoint do
# You should set gzip to true if you are running phoenix.digest
# when deploying your static files in production.
plug(CORSPlug)
- plug(Pleroma.Plugs.CSPPlug)
+ plug(Pleroma.Plugs.HTTPSecurityPlug)
plug(Plug.Static, at: "/media", from: Pleroma.Uploaders.Local.upload_path(), gzip: false)
diff --git a/test/plugs/csp_plug_test.exs b/test/plugs/http_security_plug_test.exs
index e27b24db9..5268a1972 100644
--- a/test/plugs/csp_plug_test.exs
+++ b/test/plugs/http_security_plug_test.exs
@@ -1,10 +1,10 @@
-defmodule Pleroma.Web.Plugs.CSPPlugTest do
+defmodule Pleroma.Web.Plugs.HTTPSecurityPlugTest do
use Pleroma.Web.ConnCase
alias Pleroma.Config
alias Plug.Conn
test "it sends CSP headers when enabled", %{conn: conn} do
- Config.put([:csp, :enabled], true)
+ Config.put([:http_security, :enabled], true)
conn =
conn
@@ -20,7 +20,7 @@ defmodule Pleroma.Web.Plugs.CSPPlugTest do
end
test "it does not send CSP headers when disabled", %{conn: conn} do
- Config.put([:csp, :enabled], false)
+ Config.put([:http_security, :enabled], false)
conn =
conn
@@ -36,8 +36,8 @@ defmodule Pleroma.Web.Plugs.CSPPlugTest do
end
test "it sends STS headers when enabled", %{conn: conn} do
- Config.put([:csp, :enabled], true)
- Config.put([:csp, :sts], true)
+ Config.put([:http_security, :enabled], true)
+ Config.put([:http_security, :sts], true)
conn =
conn
@@ -48,8 +48,8 @@ defmodule Pleroma.Web.Plugs.CSPPlugTest do
end
test "it does not send STS headers when disabled", %{conn: conn} do
- Config.put([:csp, :enabled], true)
- Config.put([:csp, :sts], false)
+ Config.put([:http_security, :enabled], true)
+ Config.put([:http_security, :sts], false)
conn =
conn
generated by cgit v1.2.3 (git 2.25.1) at 2025-11-04 01:32:47 +0000