diff options
Diffstat (limited to 'config')
| -rw-r--r-- | config/config.exs | 7 | ||||
| -rw-r--r-- | config/config.md | 7 |
2 files changed, 14 insertions, 0 deletions
diff --git a/config/config.exs b/config/config.exs index e82c490e3..9cc558564 100644 --- a/config/config.exs +++ b/config/config.exs @@ -176,6 +176,13 @@ config :pleroma, :suggestions, limit: 23, web: "https://vinayaka.distsn.org/?{{host}}+{{user}}" +config :pleroma, :http_security, + enabled: true, + sts: false, + sts_max_age: 31_536_000, + ct_max_age: 2_592_000, + referrer_policy: "same-origin" + config :cors_plug, max_age: 86_400, methods: ["POST", "PUT", "DELETE", "GET", "PATCH", "OPTIONS"], diff --git a/config/config.md b/config/config.md index 51172fc4d..5b4110646 100644 --- a/config/config.md +++ b/config/config.md @@ -80,3 +80,10 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * ``unfollow_blocked``: Whether blocks result in people getting unfollowed * ``outgoing_blocks``: Whether to federate blocks to other instances * ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question + +## :http_security +* ``enabled``: Whether the managed content security policy is enabled +* ``sts``: Whether to additionally send a `Strict-Transport-Security` header +* ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent +* ``ct_max_age``: The maximum age for the `Expect-CT` header if sent +* ``referrer_policy``: The referrer policy to use, either `"same-origin"` or `"no-referrer"`. |