From db76ea578a550a4cbc0298d428b9c57ba605b276 Mon Sep 17 00:00:00 2001 From: Henry Jameson Date: Mon, 12 Apr 2021 00:38:25 +0300 Subject: [PATCH 1/4] try to fix ruffle on chrome --- lib/pleroma/web/plugs/http_security_plug.ex | 4 +++- 1 file changed, 3 insertions(+), 1 deletion(-) diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex index cd1bae235..3ee48062e 100644 --- a/lib/pleroma/web/plugs/http_security_plug.ex +++ b/lib/pleroma/web/plugs/http_security_plug.ex @@ -117,7 +117,9 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do if Config.get(:env) == :dev do "script-src 'self' 'unsafe-eval'" else - "script-src 'self'" + # TODO right now unsafe-eval is needed for WASM to load in chrome + # see: https://github.com/WebAssembly/content-security-policy/issues/7 + "script-src 'self' 'unsafe-eval'" end report = if report_uri, do: ["report-uri ", report_uri, ";report-to csp-endpoint"] From 79bd363a68cce0600c93eaa4ac08782333c3e8bb Mon Sep 17 00:00:00 2001 From: HJ <30-hj@users.noreply.git.pleroma.social> Date: Wed, 16 Nov 2022 21:27:04 +0000 Subject: [PATCH 2/4] Update lib/pleroma/web/plugs/http_security_plug.ex --- lib/pleroma/web/plugs/http_security_plug.ex | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex index 3ee48062e..7a987a30b 100644 --- a/lib/pleroma/web/plugs/http_security_plug.ex +++ b/lib/pleroma/web/plugs/http_security_plug.ex @@ -119,7 +119,7 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do else # TODO right now unsafe-eval is needed for WASM to load in chrome # see: https://github.com/WebAssembly/content-security-policy/issues/7 - "script-src 'self' 'unsafe-eval'" + "script-src 'self' 'wasm-unsafe-eval'" end report = if report_uri, do: ["report-uri ", report_uri, ";report-to csp-endpoint"] From a31d3589ed8c91cceece7dbdf362c9bfe69e0115 Mon Sep 17 00:00:00 2001 From: HJ <30-hj@users.noreply.git.pleroma.social> Date: Wed, 16 Nov 2022 21:28:35 +0000 Subject: [PATCH 3/4] Update http_security_plug.ex --- lib/pleroma/web/plugs/http_security_plug.ex | 2 -- 1 file changed, 2 deletions(-) diff --git a/lib/pleroma/web/plugs/http_security_plug.ex b/lib/pleroma/web/plugs/http_security_plug.ex index 7a987a30b..34895c8d5 100644 --- a/lib/pleroma/web/plugs/http_security_plug.ex +++ b/lib/pleroma/web/plugs/http_security_plug.ex @@ -117,8 +117,6 @@ defmodule Pleroma.Web.Plugs.HTTPSecurityPlug do if Config.get(:env) == :dev do "script-src 'self' 'unsafe-eval'" else - # TODO right now unsafe-eval is needed for WASM to load in chrome - # see: https://github.com/WebAssembly/content-security-policy/issues/7 "script-src 'self' 'wasm-unsafe-eval'" end From cddcafee7f69fc832b18a66a78a7d47692553ae5 Mon Sep 17 00:00:00 2001 From: Mark Felder Date: Thu, 17 Nov 2022 12:02:32 -0500 Subject: [PATCH 4/4] Document inclusion of wasm-unsafe-eval --- CHANGELOG.md | 1 + 1 file changed, 1 insertion(+) diff --git a/CHANGELOG.md b/CHANGELOG.md index 56f328234..66d01e005 100644 --- a/CHANGELOG.md +++ b/CHANGELOG.md @@ -18,6 +18,7 @@ The format is based on [Keep a Changelog](https://keepachangelog.com/en/1.0.0/). - Updated the recommended pleroma.vcl configuration for Varnish to target Varnish 7.0+ - Set timeout values for Oban queues. The default is infinity and some operations may not time out on their own. - Delete activities are federated at lowest priority +- CSP now includes wasm-unsafe-eval ### Added - `activeMonth` and `activeHalfyear` fields in NodeInfo usage.users object