From 69f5dfcfb3f2b498e1f9957244f0896b6f9d5c2a Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 11 Nov 2018 06:37:18 +0000 Subject: config: add default parameters for CSPPlug --- config/config.exs | 5 +++++ config/config.md | 5 +++++ 2 files changed, 10 insertions(+) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index e82c490e3..ad8653025 100644 --- a/config/config.exs +++ b/config/config.exs @@ -176,6 +176,11 @@ config :pleroma, :suggestions, limit: 23, web: "https://vinayaka.distsn.org/?{{host}}+{{user}}" +config :pleroma, :csp, + enabled: true, + sts: false, + sts_max_age: 31_536_000 + config :cors_plug, max_age: 86_400, methods: ["POST", "PUT", "DELETE", "GET", "PATCH", "OPTIONS"], diff --git a/config/config.md b/config/config.md index 51172fc4d..e08d206b6 100644 --- a/config/config.md +++ b/config/config.md @@ -80,3 +80,8 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * ``unfollow_blocked``: Whether blocks result in people getting unfollowed * ``outgoing_blocks``: Whether to federate blocks to other instances * ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question + +## :csp +* ``enabled``: Whether the managed content security policy is enabled +* ``sts``: Whether to additionally send a `Strict-Transport-Security` header +* ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent -- cgit v1.2.3 From df72978dce3805157537e8fa1a2fec35fcf9a7cd Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 11 Nov 2018 06:53:42 +0000 Subject: csp plug: add support for certificate transparency --- config/config.exs | 3 ++- config/config.md | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index ad8653025..1d918919d 100644 --- a/config/config.exs +++ b/config/config.exs @@ -179,7 +179,8 @@ config :pleroma, :suggestions, config :pleroma, :csp, enabled: true, sts: false, - sts_max_age: 31_536_000 + sts_max_age: 31_536_000, + ct_max_age: 2_592_000 config :cors_plug, max_age: 86_400, diff --git a/config/config.md b/config/config.md index e08d206b6..34f703560 100644 --- a/config/config.md +++ b/config/config.md @@ -85,3 +85,4 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * ``enabled``: Whether the managed content security policy is enabled * ``sts``: Whether to additionally send a `Strict-Transport-Security` header * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent +* ``ct_max_age``: The maximum age for the `Except-CT` header if sent -- cgit v1.2.3 From 5dda13ee5f9302cfef215c8ffaa527e9a572a37b Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Sun, 11 Nov 2018 07:27:36 +0000 Subject: config docs: typo fix --- config/config.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.md b/config/config.md index 34f703560..446b0ce67 100644 --- a/config/config.md +++ b/config/config.md @@ -85,4 +85,4 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * ``enabled``: Whether the managed content security policy is enabled * ``sts``: Whether to additionally send a `Strict-Transport-Security` header * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent -* ``ct_max_age``: The maximum age for the `Except-CT` header if sent +* ``ct_max_age``: The maximum age for the `Expect-CT` header if sent -- cgit v1.2.3 From fe67665e19cc98faff4a8ee53a3f4ca4190ca2ef Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 12 Nov 2018 15:08:02 +0000 Subject: rename CSPPlug to HTTPSecurityPlug. --- config/config.exs | 2 +- config/config.md | 2 +- 2 files changed, 2 insertions(+), 2 deletions(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index 1d918919d..be9c03ceb 100644 --- a/config/config.exs +++ b/config/config.exs @@ -176,7 +176,7 @@ config :pleroma, :suggestions, limit: 23, web: "https://vinayaka.distsn.org/?{{host}}+{{user}}" -config :pleroma, :csp, +config :pleroma, :http_security, enabled: true, sts: false, sts_max_age: 31_536_000, diff --git a/config/config.md b/config/config.md index 446b0ce67..48af1c236 100644 --- a/config/config.md +++ b/config/config.md @@ -81,7 +81,7 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * ``outgoing_blocks``: Whether to federate blocks to other instances * ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question -## :csp +## :http_security * ``enabled``: Whether the managed content security policy is enabled * ``sts``: Whether to additionally send a `Strict-Transport-Security` header * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent -- cgit v1.2.3 From ee5932a504d69e591aad7bdd52bd97d1f92d4e32 Mon Sep 17 00:00:00 2001 From: William Pitcock Date: Mon, 12 Nov 2018 15:14:46 +0000 Subject: http security: allow referrer-policy to be configured --- config/config.exs | 3 ++- config/config.md | 1 + 2 files changed, 3 insertions(+), 1 deletion(-) (limited to 'config') diff --git a/config/config.exs b/config/config.exs index be9c03ceb..9cc558564 100644 --- a/config/config.exs +++ b/config/config.exs @@ -180,7 +180,8 @@ config :pleroma, :http_security, enabled: true, sts: false, sts_max_age: 31_536_000, - ct_max_age: 2_592_000 + ct_max_age: 2_592_000, + referrer_policy: "same-origin" config :cors_plug, max_age: 86_400, diff --git a/config/config.md b/config/config.md index 48af1c236..5b4110646 100644 --- a/config/config.md +++ b/config/config.md @@ -86,3 +86,4 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i * ``sts``: Whether to additionally send a `Strict-Transport-Security` header * ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent * ``ct_max_age``: The maximum age for the `Expect-CT` header if sent +* ``referrer_policy``: The referrer policy to use, either `"same-origin"` or `"no-referrer"`. -- cgit v1.2.3