[fix] Update CSP header for blob images (upload preview) and dev livereload (#2109)

* update CSP header for blob images (upload preview) and dev livereload websocket

* update csp for s3, update csp tests
f0x52 2023-08-14 12:30:09 +02:00 committed by GitHub
commit 912a104aed
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23
2 changed files with 17 additions and 20 deletions


@ -38,55 +38,55 @@ func TestBuildContentSecurityPolicy(t *testing.T) {
s3Endpoint: "",
s3Proxy: false,
s3Secure: false,
expected: "default-src 'self'",
expected: "default-src 'self'; object-src 'none'; img-src 'self' blob:",
},
{
s3Endpoint: "some-bucket-provider.com",
s3Proxy: false,
s3Secure: true,
expected: "default-src 'self'; img-src 'self' https://some-bucket-provider.com; media-src 'self' https://some-bucket-provider.com",
expected: "default-src 'self'; object-src 'none'; img-src 'self' blob: https://some-bucket-provider.com; media-src 'self' https://some-bucket-provider.com",
},
{
s3Endpoint: "some-bucket-provider.com:6969",
s3Proxy: false,
s3Secure: true,
expected: "default-src 'self'; img-src 'self' https://some-bucket-provider.com:6969; media-src 'self' https://some-bucket-provider.com:6969",
expected: "default-src 'self'; object-src 'none'; img-src 'self' blob: https://some-bucket-provider.com:6969; media-src 'self' https://some-bucket-provider.com:6969",
},
{
s3Endpoint: "some-bucket-provider.com:6969",
s3Proxy: false,
s3Secure: false,
expected: "default-src 'self'; img-src 'self' http://some-bucket-provider.com:6969; media-src 'self' http://some-bucket-provider.com:6969",
expected: "default-src 'self'; object-src 'none'; img-src 'self' blob: http://some-bucket-provider.com:6969; media-src 'self' http://some-bucket-provider.com:6969",
},
{
s3Endpoint: "s3.nl-ams.scw.cloud",
s3Proxy: false,
s3Secure: true,
expected: "default-src 'self'; img-src 'self' https://s3.nl-ams.scw.cloud; media-src 'self' https://s3.nl-ams.scw.cloud",
expected: "default-src 'self'; object-src 'none'; img-src 'self' blob: https://s3.nl-ams.scw.cloud; media-src 'self' https://s3.nl-ams.scw.cloud",
},
{
s3Endpoint: "some-bucket-provider.com",
s3Proxy: true,
s3Secure: true,
expected: "default-src 'self'",
expected: "default-src 'self'; object-src 'none'; img-src 'self' blob:",
},
{
s3Endpoint: "some-bucket-provider.com:6969",
s3Proxy: true,
s3Secure: true,
expected: "default-src 'self'",
expected: "default-src 'self'; object-src 'none'; img-src 'self' blob:",
},
{
s3Endpoint: "some-bucket-provider.com:6969",
s3Proxy: true,
s3Secure: true,
expected: "default-src 'self'",
expected: "default-src 'self'; object-src 'none'; img-src 'self' blob:",
},
{
s3Endpoint: "s3.nl-ams.scw.cloud",
s3Proxy: true,
s3Secure: true,
expected: "default-src 'self'",
expected: "default-src 'self'; object-src 'none'; img-src 'self' blob:",
},
} {
config.SetStorageS3Endpoint(test.s3Endpoint)
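Review bot: The two proxied cases for `some-bucket-provider.com:6969` are identical (`s3Proxy: true` and `s3Secure: true` in both), so the proxied plain-HTTP combination is never asserted; changing the second one to `s3Secure: false,` would pin that a proxied bucket adds no `http://` origin to `img-src` or `media-src`. The table also has no case for the dev livereload allowance named in the commit title, so, assuming the builder adds a websocket source only in debug builds, nothing here would catch that source leaking into the production policy; a case asserting that the production string carries no `ws:` source would cover it. A short comment on the first case, such as `// blob: is for the client-side upload preview; object-src 'none' blocks plugin content`, would record why every policy now carries these two directives. The loop body continues outside the hunk.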