summaryrefslogtreecommitdiff
path: root/lib
diff options
context:
space:
mode:
Diffstat (limited to 'lib')
-rw-r--r--lib/pleroma/plugs/csp_plug.ex19
1 files changed, 18 insertions, 1 deletions
diff --git a/lib/pleroma/plugs/csp_plug.ex b/lib/pleroma/plugs/csp_plug.ex
index 15d466c36..56f2376ee 100644
--- a/lib/pleroma/plugs/csp_plug.ex
+++ b/lib/pleroma/plugs/csp_plug.ex
@@ -1,10 +1,17 @@
defmodule Pleroma.Plugs.CSPPlug do
+ alias Pleroma.Config
import Plug.Conn
def init(opts), do: opts
def call(conn, options) do
- conn = merge_resp_headers(conn, headers())
+ if Config.get([:csp, :enabled]) do
+ conn =
+ merge_resp_headers(conn, headers())
+ |> maybe_send_sts_header(Config.get([:csp, :sts]))
+ else
+ conn
+ end
end
defp headers do
@@ -35,4 +42,14 @@ defmodule Pleroma.Plugs.CSPPlug do
]
|> Enum.join("; ")
end
+
+ defp maybe_send_sts_header(conn, true) do
+ max_age = Config.get([:csp, :sts_max_age])
+
+ merge_resp_headers(conn, [
+ {"strict-transport-security", "max-age=#{max_age}; includeSubDomains"}
+ ])
+ end
+
+ defp maybe_send_sts_header(conn, _), do: conn
end
generated by cgit v1.2.3 (git 2.25.1) at 2025-10-31 00:16:15 +0000