fix CSP check

Taeer Bar-Yam 2024-07-25 07:45:57 -04:00
parent bddfd95ee4
commit 941d3bf2a9
2 changed files with 11 additions and 6 deletions


@ -32,7 +32,7 @@ in
};
};
services.mastodon = {
extraConfig = {
extraConfig = rec {
S3_ENABLED = "true";
S3_ENDPOINT = "http://s3.garage.localhost:3900";
S3_REGION = "garage";
@ -44,8 +44,7 @@ in
S3_PROTOCOL = "http";
S3_HOSTNAME = "web.garage.localhost:3902";
# by default it tries to use "<S3_HOSTNAME>/<S3_BUCKET>"
# but we want "<S3_BUCKET>.<S3_HOSTNAME>"
S3_ALIAS_HOST = "mastodon.web.garage.localhost:3902";
S3_ALIAS_HOST = "${S3_BUCKET}.${S3_HOSTNAME}";
# SEE: the last section in https://docs.joinmastodon.org/admin/optional/object-storage/
# TODO: can we set up ACLs with garage?
S3_PERMISSION = "";
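Review bot: Making the whole `extraConfig` set `rec` just to build `S3_ALIAS_HOST` means every attribute name in the set now shadows any outer binding of the same name, which is easy to trip over as the set grows. A narrower form is to bind the bucket and hostname once in a `let` ahead of the set and use them for `S3_BUCKET`, `S3_HOSTNAME` and `S3_ALIAS_HOST`. The `S3_BUCKET` definition is not visible in these hunks, so confirm it lives in this same set; otherwise `${S3_BUCKET}` will not resolve here.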


@ -113,15 +113,21 @@ rebuildableTest {
with subtest("Content security policy allows garage images"):
headers = server.succeed("xh -h http://masstodon.localhost:55001/public/local")
csp_match = re.match('^Content-Security-Policy: (.*)$', headers, re.M)
csp_match = None
# I can't figure out re.MULTILINE
for header in headers.split("\n"):
csp_match = re.match('^Content-Security-Policy: (.*)$', header)
if csp_match is not None:
break
if csp_match is None:
raise Exception("mastodon did not send a content security policy header")
csp = csp_match.group(1)
# the content security policy should include the garage server
garage_csp = re.match(".*web\.garage\.localhost:3902.*", csp)
# the img-src content security policy should include the garage server
garage_csp = re.match(".*; img-src[^;]*web\.garage\.localhost:3902.*", csp)
if garage_csp is None:
raise Exception("Mastodon's content security policy does not include garage server. image will not be displayed properly on mastodon.")
# this could in theory give a false positive if mastodon changes it's colorscheme to include pure green.
with subtest("image displays"):
server.succeed("selenium-script")
server.copy_from_vm("/mastodon-screenshot.png", "")
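Review bot: The new `img-src` pattern on the `garage_csp` line can fail on a correct policy and pass on a wrong one. It requires `; ` before `img-src`, so a policy that lists `img-src` first is rejected, and the host is not delimited, so a source such as `web.garage.localhost:39020` still matches. Splitting the policy is more precise: `img_src = [d.split()[1:] for d in csp.split(";") if d.split()[:1] == ["img-src"]]`, then `if not any(s.endswith("web.garage.localhost:3902") for srcs in img_src for s in srcs):`, or compare against the exact expected source if it is known. Separately, the original lookup failed because `re.match` only anchors at the start of the string even with `re.M`, so `re.search(r'^Content-Security-Policy: (.*)$', headers, re.M)` would replace the loop; that pattern is also case-sensitive on the header name. The test script starts outside this hunk.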