config: add default parameters for CSPPlug

2018-11-11 06:37:18 +00:00 · 2018-11-11 06:37:18 +00:00 · 69f5dfcfb3
commit 69f5dfcfb3
parent 057a9017b3
2 changed files with 10 additions and 0 deletions
--- a/config/config.exs
+++ b/config/config.exs
@ -176,6 +176,11 @@
  limit: 23,
  web: "https://vinayaka.distsn.org/?{{host}}+{{user}}"

+config :pleroma, :csp,
+  enabled: true,
+  sts: false,
+  sts_max_age: 31_536_000
+
 config :cors_plug,
  max_age: 86_400,
  methods: ["POST", "PUT", "DELETE", "GET", "PATCH", "OPTIONS"],
--- a/config/config.md
+++ b/config/config.md
@ -80,3 +80,8 @@ This section is used to configure Pleroma-FE, unless ``:managed_config`` in ``:i
 * ``unfollow_blocked``: Whether blocks result in people getting unfollowed
 * ``outgoing_blocks``: Whether to federate blocks to other instances
 * ``deny_follow_blocked``: Whether to disallow following an account that has blocked the user in question
+
+## :csp
+* ``enabled``: Whether the managed content security policy is enabled
+* ``sts``: Whether to additionally send a `Strict-Transport-Security` header
+* ``sts_max_age``: The maximum age for the `Strict-Transport-Security` header if sent