From 133644dfa2e46dc48980ae6f835b7aa2758b4250 Mon Sep 17 00:00:00 2001 From: eugenijm Date: Fri, 8 Jan 2021 12:06:04 +0300 Subject: Ability to set the Service-Worker-Allowed header --- lib/pleroma/web/plugs/http_security_plug.ex | 8 ++++++++ 1 file changed, 8 insertions(+) (limited to 'lib') diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex index 4b84f575d..6c959a870 100644 --- a/lib/pleroma/web/plugs/http_security_plug.ex +++ b/lib/pleroma/web/plugs/http_security_plug.ex @@ -23,6 +23,7 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do defp headers do referrer_policy = Config.get([:http_security, :referrer_policy]) report_uri = Config.get([:http_security, :report_uri]) + service_worker_allowed = Config.get([:http_security, :service_worker_allowed]) headers = [ {"x-xss-protection", "1; mode=block"}, @@ -34,6 +35,13 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do {"content-security-policy", csp_string()} ] + headers = + if service_worker_allowed do + [{"service-worker-allowed", service_worker_allowed} | headers] + else + headers + end + if report_uri do report_group = %{ "group" => "csp-endpoint", -- cgit v1.2.3 From 7fcaa188a0be4bc8e41790ddda9b6789cb318347 Mon Sep 17 00:00:00 2001 From: eugenijm Date: Thu, 21 Jan 2021 14:58:18 +0300 Subject: Allow to define custom HTTP headers per each frontend --- lib/pleroma/web/plugs/http_security_plug.ex | 24 ++++++++++++++++++++---- 1 file changed, 20 insertions(+), 4 deletions(-) (limited to 'lib') diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex index 6c959a870..0025b042a 100644 --- a/lib/pleroma/web/plugs/http_security_plug.ex +++ b/lib/pleroma/web/plugs/http_security_plug.ex @@ -20,10 +20,26 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do end end - defp headers do + def primary_frontend do + with %{"name" => frontend} <- Config.get([:frontends, :primary]), + available <- Config.get([:frontends, :available]), + %{} = primary_frontend <- Map.get(available, frontend) do + {:ok, primary_frontend} + end + end + + def custom_http_frontend_headers do + with {:ok, %{"custom-http-headers" => custom_headers}} <- primary_frontend() do + custom_headers + else + _ -> [] + end + end + + def headers do referrer_policy = Config.get([:http_security, :referrer_policy]) report_uri = Config.get([:http_security, :report_uri]) - service_worker_allowed = Config.get([:http_security, :service_worker_allowed]) + custom_http_frontend_headers = custom_http_frontend_headers() headers = [ {"x-xss-protection", "1; mode=block"}, @@ -36,8 +52,8 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do ] headers = - if service_worker_allowed do - [{"service-worker-allowed", service_worker_allowed} | headers] + if custom_http_frontend_headers do + custom_http_frontend_headers ++ headers else headers end -- cgit v1.2.3