Verified Commit 00e8f0b0 authored by Haelwenn's avatar Haelwenn

Plugs.HTTPSecurityPlug: Add unsafe-eval to script-src when in dev mode

This is needed to run dev mode mastofe at the same time
parent 71ce564e
...@@ -43,9 +43,11 @@ defp csp_string do ...@@ -43,9 +43,11 @@ defp csp_string do
"media-src 'self' https:", "media-src 'self' https:",
"style-src 'self' 'unsafe-inline'", "style-src 'self' 'unsafe-inline'",
"font-src 'self'", "font-src 'self'",
"script-src 'self'",
"connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"), "connect-src 'self' " <> String.replace(Pleroma.Web.Endpoint.static_url(), "http", "ws"),
"manifest-src 'self'", "manifest-src 'self'",
if Mix.env() == :dev do
"script-src 'self' 'unsafe-eval'"
end,
if scheme == "https" do if scheme == "https" do
"upgrade-insecure-requests" "upgrade-insecure-requests"
end end
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment