Provide an accept CSP policy for global search pictures
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
parent
8812122168
commit
4db13046b7
|
@ -371,7 +371,10 @@ config :mobilizon, Mobilizon.Service.GlobalSearch,
|
||||||
service: Mobilizon.Service.GlobalSearch.SearchMobilizon
|
service: Mobilizon.Service.GlobalSearch.SearchMobilizon
|
||||||
|
|
||||||
config :mobilizon, Mobilizon.Service.GlobalSearch.SearchMobilizon,
|
config :mobilizon, Mobilizon.Service.GlobalSearch.SearchMobilizon,
|
||||||
endpoint: "https://search.joinmobilizon.org"
|
endpoint: "https://search.joinmobilizon.org",
|
||||||
|
csp_policy: [
|
||||||
|
img_src: "search.joinmobilizon.org"
|
||||||
|
]
|
||||||
|
|
||||||
# Import environment specific config. This must remain at the bottom
|
# Import environment specific config. This must remain at the bottom
|
||||||
# of this file so it overrides the configuration defined above.
|
# of this file so it overrides the configuration defined above.
|
||||||
|
|
|
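Review bot: The new `img_src` source `"search.joinmobilizon.org"` carries no scheme, so on an instance served over plain HTTP the policy would also admit images loaded from that host over HTTP; writing `img_src: "https://search.joinmobilizon.org"` pins it to the same origin as `endpoint`. The host is also repeated rather than derived from `endpoint`, so an environment config that overrides `endpoint` has to override `csp_policy` too, or the header keeps allowing the default host. A comment such as `# keep in sync with :endpoint` above `csp_policy` would make that dependency visible.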
@ -32,6 +32,10 @@ defmodule Mobilizon.Service.GlobalSearch.Provider do
|
||||||
Page.t(EventResult.t())
|
Page.t(EventResult.t())
|
||||||
@callback search_groups(search_options :: keyword) ::
|
@callback search_groups(search_options :: keyword) ::
|
||||||
Page.t(GroupResult.t())
|
Page.t(GroupResult.t())
|
||||||
|
@doc """
|
||||||
|
The CSP configuration to add for the service to work
|
||||||
|
"""
|
||||||
|
@callback csp() :: keyword()
|
||||||
|
|
||||||
@spec endpoint(atom()) :: String.t()
|
@spec endpoint(atom()) :: String.t()
|
||||||
def endpoint(provider) do
|
def endpoint(provider) do
|
||||||
|
|
|
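Review bot: `csp/0` is added as a required callback, but a behaviour only produces a compile-time warning, so a provider module that does not define it would raise `UndefinedFunctionError` where HTTPSecurityPlug calls `GlobalSearch.service().csp()` while building the header. Whether other providers exist is not visible on this page; if they can, either declare `@optional_callbacks csp: 0` and guard the call site, or state in the `@doc` that every provider must implement it and return `[]` when it needs nothing. The doc would also be clearer if it gave the expected shape, for example `Keys are CSP directive atoms such as :img_src; each value is a source expression string.`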
@ -113,6 +113,16 @@ defmodule Mobilizon.Service.GlobalSearch.SearchMobilizon do
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
||||||
|
@impl Provider
|
||||||
|
@doc """
|
||||||
|
Returns the CSP configuration for this search provider to work
|
||||||
|
"""
|
||||||
|
def csp do
|
||||||
|
:mobilizon
|
||||||
|
|> Application.get_env(__MODULE__, [])
|
||||||
|
|> Keyword.get(:csp_policy, [])
|
||||||
|
end
|
||||||
|
|
||||||
defp build_event(data) do
|
defp build_event(data) do
|
||||||
picture =
|
picture =
|
||||||
if data["banner"] do
|
if data["banner"] do
|
||||||
|
|
|
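Review bot: `csp/0` has no `@spec`, although the behaviour types the callback as `keyword()`; adding `@spec csp() :: keyword()` above `def csp do` keeps the implementation checked against that contract. The value is returned from application env unchanged, so the `@doc` could say that it is the `:csp_policy` key of this module's config and defaults to `[]`. `build_event/1` below the new function continues outside the hunk.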
@ -10,6 +10,7 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlug do
|
||||||
|
|
||||||
alias Mobilizon.Config
|
alias Mobilizon.Config
|
||||||
alias Mobilizon.Service.FrontEndAnalytics
|
alias Mobilizon.Service.FrontEndAnalytics
|
||||||
|
alias Mobilizon.Service.GlobalSearch
|
||||||
import Plug.Conn
|
import Plug.Conn
|
||||||
|
|
||||||
require Logger
|
require Logger
|
||||||
|
@ -139,7 +140,8 @@ defmodule Mobilizon.Web.Plugs.HTTPSecurityPlug do
|
||||||
defp get_csp_config(type, options) do
|
defp get_csp_config(type, options) do
|
||||||
config_policy = Keyword.get(options, type, Config.get([:http_security, :csp_policy, type]))
|
config_policy = Keyword.get(options, type, Config.get([:http_security, :csp_policy, type]))
|
||||||
front_end_analytics_policy = [Keyword.get(FrontEndAnalytics.csp(), type, [])]
|
front_end_analytics_policy = [Keyword.get(FrontEndAnalytics.csp(), type, [])]
|
||||||
|
global_search_policy = [Keyword.get(GlobalSearch.service().csp(), type, [])]
|
||||||
|
|
||||||
Enum.join(config_policy ++ front_end_analytics_policy, " ")
|
Enum.join(config_policy ++ front_end_analytics_policy ++ global_search_policy, " ")
|
||||||
end
|
end
|
||||||
end
|
end
|
||||||
|
|
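Review bot: On the new `global_search_policy` line the provider value is wrapped as `[Keyword.get(...)]`, so a list value such as `img_src: ["a.example", "b.example"]` (constructed example) would be stringified by `Enum.join/2` as one run-together token, and the `[]` default leaves a trailing space in the directive. `global_search_policy = List.wrap(Keyword.get(GlobalSearch.service().csp(), type, []))` accepts both a single string and a list, which matches how `config_policy` is already treated as a list on the line above. The source is also appended without any check in this hunk that global search is enabled on the instance; if such a setting exists, gating on it would keep `img-src` no wider than needed.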