From a079ec3a3cdfd42d2cbd51c7698c2c87828e5778 Mon Sep 17 00:00:00 2001 From: FloatingGhost Date: Fri, 14 Apr 2023 16:36:40 +0100 Subject: [PATCH] in dev, allow dev FE --- lib/pleroma/web/plugs/http_security_plug.ex | 9 ++++++++- 1 file changed, 8 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex index b1f1ada94..570aeefff 100644 --- a/lib/pleroma/web/plugs/http_security_plug.ex +++ b/lib/pleroma/web/plugs/http_security_plug.ex @@ -8,6 +8,8 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do require Logger + @mix_env Mix.env() + def init(opts), do: opts def call(conn, _options) do @@ -114,7 +116,12 @@ defp csp_string(conn) do style_src = "style-src 'self' '#{nonce_tag}'" font_src = "font-src 'self'" - script_src = "script-src 'self' '#{nonce_tag}'" + script_src = "script-src 'self' '#{nonce_tag}' " + script_src = if @mix_env == :dev do + "script-src 'self' 'unsafe-eval' 'unsafe-inline'" + else + script_src + end report = if report_uri, do: ["report-uri ", report_uri, ";report-to csp-endpoint"] insecure = if scheme == "https", do: "upgrade-insecure-requests"