Commit graph

18 commits

Author SHA1 Message Date
setop 7030d56864 all developments of milestone 1 2024-04-10 12:36:21 +00:00
Thomas Citharel a51b36fb75
Fix building CSP policy
You can't use 'none' as a CSP Policy if there's other things among

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-04 16:47:24 +01:00
Thomas Citharel e31433cf83
Allow for resource providers to register a csp policy
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-04 11:50:15 +01:00
Thomas Citharel 57fac37347
Support CSP report_uri, report_to and the Report-To and Reporting-Endpoints headers
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-04 10:55:26 +01:00
Thomas Citharel e97206077c
Add CSP Policy for pictures
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-04 09:26:45 +01:00
Thomas Citharel a1726fc12e
Add sha-256 hash for toggling dark theme code and remove inlined phoenix digest
Follow-up to !1300

Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-11-02 11:36:32 +01:00
Thomas Citharel 4db13046b7
Provide an accept CSP policy for global search pictures
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-08-28 10:02:06 +02:00
Thomas Citharel e3adc0684f
Make FrontEndAnalytics provide CSP configuration
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2022-04-06 19:56:09 +02:00
Thomas Citharel b5d9b82bdd
Refactor Mobilizon.Federation.ActivityPub and add typespecs
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-09-29 16:31:11 +02:00
Thomas Citharel 41f086e2c9
Spec improvements
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-09-27 09:42:12 +02:00
Thomas Citharel 1893d9f55b
Various refactoring and typespec improvements
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-09-26 17:52:24 +02:00
Thomas Citharel de047c8939
Various typespec and compilation improvements
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-09-26 17:52:20 +02:00
Thomas Citharel b196719238
Remove unsafe-inline from CSP
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-07-02 09:46:38 +02:00
Thomas Citharel bac2d3188c
Fix GraphiQL CSP headers
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-06-28 11:57:11 +02:00
Thomas Citharel f2175c6498
Refactor CSP
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-04-16 14:57:02 +02:00
Thomas Citharel 8508558945
Allow every origin for connect-src because of Webfinger
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-02-26 11:44:27 +01:00
Thomas Citharel e933004daf
Fix CSP issues in production
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-01-26 17:00:15 +01:00
Thomas Citharel e0e46a81e3
Refactor CSP config by using Pleroma's HTTPSecurityPlug
Signed-off-by: Thomas Citharel <tcit@tcit.fr>
2021-01-25 18:06:49 +01:00