Warn if HTTPSecurityPlug is disabled

This commit is contained in:
Egor Kislitsyn 2020-01-28 18:04:13 +04:00
parent d9cb8acd3e
commit 6302b40791
No known key found for this signature in database
GPG key ID: 1B49CB15B71E7805
2 changed files with 12 additions and 0 deletions

View file

@ -33,6 +33,7 @@ def user_agent do
def start(_type, _args) do
Pleroma.HTML.compile_scrubbers()
Pleroma.Config.DeprecationWarnings.warn()
Pleroma.Plugs.HTTPSecurityPlug.warn_if_disabled()
Pleroma.Repo.check_migrations_applied!()
setup_instrumenters()
load_custom_modules()

View file

@ -6,6 +6,8 @@ defmodule Pleroma.Plugs.HTTPSecurityPlug do
alias Pleroma.Config
import Plug.Conn
require Logger
def init(opts), do: opts
def call(conn, _options) do
@ -90,6 +92,15 @@ defp csp_string do
|> Enum.join("; ")
end
def warn_if_disabled do
unless Config.get([:http_security, :enabled]) do
Logger.warn("HTTP Security is disabled. Add this line to you config to enable it:
config :pleroma, :http_security, enabled: true
")
end
end
defp maybe_send_sts_header(conn, true) do
max_age_sts = Config.get([:http_security, :sts_max_age])
max_age_ct = Config.get([:http_security, :ct_max_age])