Merge branch 'configurable-hsts' into fork
commit
94c4a7bfdb
|
@ -286,3 +286,8 @@ MAX_REMOTE_EMOJI_SIZE=204800
|
||||||
# If unset, this defaults to "GNU Natalie Nguyen". If set to an empty string,
|
# If unset, this defaults to "GNU Natalie Nguyen". If set to an empty string,
|
||||||
# the header is disabled.
|
# the header is disabled.
|
||||||
# CLACKS_OVERHEAD=GNU Natalie Nguyen
|
# CLACKS_OVERHEAD=GNU Natalie Nguyen
|
||||||
|
|
||||||
|
# Whether to use HTTP Strict Transport Security.
|
||||||
|
# true and false toggle the default behavior.
|
||||||
|
# Any other value is used for the header as-is.
|
||||||
|
# HSTS=true
|
||||||
|
|
|
@ -121,12 +121,17 @@ Rails.application.configure do
|
||||||
'X-XSS-Protection' => '1; mode=block',
|
'X-XSS-Protection' => '1; mode=block',
|
||||||
'Permissions-Policy' => 'interest-cohort=()',
|
'Permissions-Policy' => 'interest-cohort=()',
|
||||||
'Referrer-Policy' => 'same-origin',
|
'Referrer-Policy' => 'same-origin',
|
||||||
'Strict-Transport-Security' => 'max-age=63072000; includeSubDomains; preload',
|
|
||||||
}
|
}
|
||||||
|
|
||||||
if not (clacks_overhead = ENV.fetch('CLACKS_OVERHEAD', 'GNU Natalie Nguyen')).empty?
|
if not (clacks_overhead = ENV.fetch('CLACKS_OVERHEAD', 'GNU Natalie Nguyen')).empty?
|
||||||
config.action_dispatch.default_headers['X-Clacks-Overhead'] = clacks_overhead
|
config.action_dispatch.default_headers['X-Clacks-Overhead'] = clacks_overhead
|
||||||
end
|
end
|
||||||
|
|
||||||
|
if (hsts = ENV.fetch('HSTS', 'true')) == 'true'
|
||||||
|
config.action_dispatch.default_headers['Strict-Transport-Security'] = 'max-age=63072000; includeSubdomains; preload'
|
||||||
|
elsif hsts != 'false'
|
||||||
|
config.action_dispatch.default_headers['Strict-Transport-Security'] = hsts
|
||||||
|
end
|
||||||
|
|
||||||
config.x.otp_secret = ENV.fetch('OTP_SECRET')
|
config.x.otp_secret = ENV.fetch('OTP_SECRET')
|
||||||
end
|
end
|
||||||
|
|
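Review bot: In the new `HSTS` branch, any value other than the exact lowercase strings `true` and `false` is sent verbatim as the `Strict-Transport-Security` header, so `HSTS=True`, `HSTS=1` or an empty `HSTS=` yields a malformed header that browsers ignore, and the site silently runs without HSTS. I would normalise the value with `strip`/`downcase`, treat an empty string as disabled the way `CLACKS_OVERHEAD` does, and fail at boot when a custom value carries no `max-age` directive, as sketched below. The built-in default also changed spelling from `includeSubDomains` to `includeSubdomains`; directive names are case-insensitive, so this is cosmetic, but the RFC 6797 spelling is the one operators will search for. If `force_ssl` is enabled elsewhere in this file (not visible in the hunk), `ActionDispatch::SSL` may add its own HSTS header when this one is absent, so `HSTS=false` should be checked against that setting. The `configure` block starts outside the hunk.

```ruby
  # … unchanged: default_headers hash and X-Clacks-Overhead block …

  hsts = ENV.fetch('HSTS', 'true').strip
  case hsts.downcase
  when 'true'
    config.action_dispatch.default_headers['Strict-Transport-Security'] = 'max-age=63072000; includeSubDomains; preload'
  when 'false', ''
    # Header deliberately not set here.
  else
    # A custom policy without max-age is ignored by browsers, so refuse to boot with it.
    raise ArgumentError, 'HSTS must be true, false, or a header value containing max-age=' unless hsts.match?(/\bmax-age=/i)
    config.action_dispatch.default_headers['Strict-Transport-Security'] = hsts
  end
```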