Add Captcha endpoint to CSP headers when MediaProxy is enabled.

Our CSP rules are lax when MediaProxy enabled, but lenient otherwise.

This fixes broken captcha on instances not using MediaProxy.
This commit is contained in:
Mark Felder 2020-07-03 17:06:20 -05:00
parent c2a052a346
commit eaa59daa4c

View file

@ -125,11 +125,19 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
if Config.get([Pleroma.Upload, :uploader]) == Pleroma.Uploaders.S3,
do: URI.parse(Config.get([Pleroma.Uploaders.S3, :public_endpoint])).host
captcha_method = Config.get([Pleroma.Captcha, :method])
captcha_endpoint =
if Config.get([Pleroma.Captcha, :enabled]) &&
captcha_method != "Pleroma.Captcha.Native",
do: Config.get([captcha_method, :endpoint])
[]
|> add_source(media_proxy_base_url)
|> add_source(upload_base_url)
|> add_source(s3_endpoint)
|> add_source(media_proxy_whitelist)
|> add_source(captcha_endpoint)
end
defp add_source(iodata, nil), do: iodata