Merge branch 'csp-flash' into 'develop'

allow https: so that flash works across instances without need for media proxy

See merge request pleroma/pleroma!3879
This commit is contained in:
Haelwenn 2023-08-16 13:37:49 +00:00
commit 1e685c8302
2 changed files with 13 additions and 4 deletions

1
changelog.d/3879.fix Normal file
View file

@ -0,0 +1 @@
fix not being able to fetch flash file from remote instance

View file

@ -93,18 +93,26 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do
img_src = "img-src 'self' data: blob:" img_src = "img-src 'self' data: blob:"
media_src = "media-src 'self'" media_src = "media-src 'self'"
connect_src = ["connect-src 'self' blob: ", static_url, ?\s, websocket_url]
# Strict multimedia CSP enforcement only when MediaProxy is enabled # Strict multimedia CSP enforcement only when MediaProxy is enabled
{img_src, media_src} = {img_src, media_src, connect_src} =
if Config.get([:media_proxy, :enabled]) && if Config.get([:media_proxy, :enabled]) &&
!Config.get([:media_proxy, :proxy_opts, :redirect_on_failure]) do !Config.get([:media_proxy, :proxy_opts, :redirect_on_failure]) do
sources = build_csp_multimedia_source_list() sources = build_csp_multimedia_source_list()
{[img_src, sources], [media_src, sources]} {
[img_src, sources],
[media_src, sources],
[connect_src, sources]
}
else else
{[img_src, " https:"], [media_src, " https:"]} {
[img_src, " https:"],
[media_src, " https:"],
[connect_src, " https:"]
}
end end
connect_src = ["connect-src 'self' blob: ", static_url, ?\s, websocket_url]
connect_src = connect_src =
if Config.get(:env) == :dev do if Config.get(:env) == :dev do