From 1c699144d23aa4a86ff8b6ebef7d760ce9e3a4e2 Mon Sep 17 00:00:00 2001
From: Lain Soykaf <lain@lain.com>
Date: Mon, 27 May 2024 21:26:40 +0400
Subject: HttpSecurityPlug: Don't allow unsafe-eval by default

---
 config/config.exs | 3 ++-
 1 file changed, 2 insertions(+), 1 deletion(-)

(limited to 'config/config.exs')

diff --git a/config/config.exs b/config/config.exs
index 4752bbbde..f861daf04 100644
--- a/config/config.exs
+++ b/config/config.exs
@@ -519,7 +519,8 @@ config :pleroma, :http_security,
   sts: false,
   sts_max_age: 31_536_000,
   ct_max_age: 2_592_000,
-  referrer_policy: "same-origin"
+  referrer_policy: "same-origin",
+  allow_unsafe_eval: false
 
 config :cors_plug,
   max_age: 86_400,
-- 
cgit v1.2.3