home73k/lib/home73k_web/csp_header.ex

defmodule Home73kWeb.CSPHeader do
  import Plug.Conn

  def init(opts), do: opts

  def call(conn, _opts) do
    put_resp_header conn, "content-security-policy", csp(conn)
  end

  defp csp(conn) do
    "default-src 'self'; \
    connect-src 'self' #{ws_url conn} #{ws_url conn, "wss"}; \
    script-src 'self' 'unsafe-inline' 'unsafe-eval'; \
    style-src 'self' 'unsafe-inline' 'unsafe-eval'"
  end

  defp ws_url(conn, protocol \\ "ws") do
    endpoint = Phoenix.Controller.endpoint_module(conn)
    %{endpoint.struct_url | scheme: protocol} |> URI.to_string()
  end
end
adding proper CSP header plug and setting ignore config for mix sobelow 2021-04-06 18:40:08 -04:00			`defmodule Home73kWeb.CSPHeader do`
			`import Plug.Conn`

			`def init(opts), do: opts`

			`def call(conn, _opts) do`
			`put_resp_header conn, "content-security-policy", csp(conn)`
			`end`

			`defp csp(conn) do`
			`"default-src 'self'; \`
			`connect-src 'self' #{ws_url conn} #{ws_url conn, "wss"}; \`
			`script-src 'self' 'unsafe-inline' 'unsafe-eval'; \`
			`style-src 'self' 'unsafe-inline' 'unsafe-eval'"`
			`end`

			`defp ws_url(conn, protocol \\ "ws") do`
			`endpoint = Phoenix.Controller.endpoint_module(conn)`
			`%{endpoint.struct_url \| scheme: protocol} \|> URI.to_string()`
			`end`
			`end`