From 66a724147dfb4955e10c313cf9dae0ff3cd0214a Mon Sep 17 00:00:00 2001 From: Luc Didry Date: Oct 29 2018 21:54:25 +0000 Subject: Fix default CSP Header --- diff --git a/CHANGELOG b/CHANGELOG index a6ffd27..f4f16e8 100644 --- a/CHANGELOG +++ b/CHANGELOG @@ -1,5 +1,8 @@ Revision history for Lufi +0.03.1 2018-10-29 + - Fix default CSP Header + 0.03 2018-10-28 - Use Mojo::SQLite instead of ORLite - Use FiatTux plugins diff --git a/cpanfile b/cpanfile index 93e8979..9a32652 100644 --- a/cpanfile +++ b/cpanfile @@ -5,7 +5,7 @@ requires 'Mojolicious::Plugin::I18N'; requires 'Mojolicious::Plugin::Mail'; requires 'Mojolicious::Plugin::GzipStatic'; requires 'Mojolicious::Plugin::StaticCache'; -requires 'Mojolicious::Plugin::CSPHeader'; +requires 'Mojolicious::Plugin::CSPHeader', '>= 0.05'; requires 'Mojolicious::Plugin::FiatTux::Helpers', '== 0.08', url => 'https://framagit.org/fiat-tux/mojolicious/mojolicious-plugin-fiattux-helpers/-/archive/0.08/mojolicious-plugin-fiattux-helpers-0.08.tar.gz'; requires 'Mojolicious::Plugin::FiatTux::GrantAccess', '== 0.05', url => 'https://framagit.org/fiat-tux/mojolicious/mojolicious-plugin-fiattux-grantaccess/-/archive/0.05/mojolicious-plugin-fiattux-grantaccess-0.05.tar.gz'; requires 'Mojolicious::Plugin::FiatTux::Themes', '== 0.02', url => 'https://framagit.org/fiat-tux/mojolicious/mojolicious-plugin-fiattux-themes/-/archive/0.02/mojolicious-plugin-fiattux-themes-0.02.tar.gz'; diff --git a/cpanfile.snapshot b/cpanfile.snapshot index d922399..018f339 100644 --- a/cpanfile.snapshot +++ b/cpanfile.snapshot @@ -170,8 +170,8 @@ DISTRIBUTIONS Data::Dumper 0 ExtUtils::MakeMaker 0 perl 5.008001 - DBI-1.641 - pathname: T/TI/TIMB/DBI-1.641.tar.gz + DBI-1.642 + pathname: T/TI/TIMB/DBI-1.642.tar.gz provides: Bundle::DBI 12.008696 DBD::DBM 0.08 @@ -227,7 +227,7 @@ DISTRIBUTIONS DBD::Sponge::dr 12.010003 DBD::Sponge::st 12.010003 DBDI 12.015129 - DBI 1.641 + DBI 1.642 DBI::Const::GetInfo::ANSI 2.008697 DBI::Const::GetInfo::ODBC 2.011374 DBI::Const::GetInfoReturn 2.008697 @@ -267,7 +267,7 @@ DISTRIBUTIONS DBI::SQL::Nano::Table_ 1.015544 DBI::Util::CacheMemory 0.010315 DBI::Util::_accessor 0.009479 - DBI::common 1.641 + DBI::common 1.642 requirements: ExtUtils::MakeMaker 6.48 Test::Simple 0.90 @@ -1203,10 +1203,10 @@ DISTRIBUTIONS perl 5.010 strict 0 warnings 0 - Mojolicious-Plugin-CSPHeader-0.03 - pathname: L/LD/LDIDRY/Mojolicious-Plugin-CSPHeader-0.03.tar.gz + Mojolicious-Plugin-CSPHeader-0.05 + pathname: L/LD/LDIDRY/Mojolicious-Plugin-CSPHeader-0.05.tar.gz provides: - Mojolicious::Plugin::CSPHeader 0.03 + Mojolicious::Plugin::CSPHeader 0.05 requirements: ExtUtils::MakeMaker 0 Mojolicious 7.75 @@ -1895,7 +1895,7 @@ DISTRIBUTIONS HTTP::Request 6 HTTP::Request::Common 6 HTTP::Response 6 - HTTP::Status 6 + HTTP::Status 6.18 IO::Select 0 IO::Socket 0 LWP::MediaTypes 6 diff --git a/lib/Lufi/Plugin/Headers.pm b/lib/Lufi/Plugin/Headers.pm index 8c26cc5..55aba11 100644 --- a/lib/Lufi/Plugin/Headers.pm +++ b/lib/Lufi/Plugin/Headers.pm @@ -18,7 +18,10 @@ sub register { 'font-src' => "'self'", 'form-action' => "'self'", 'base-uri' => "'self'", - 'connect-src' => "'self'", + 'connect-src' => { + base => "'self'", + ws => 1 + } }; my $frame_ancestors = '';