forked from Fediversity/Fediversity
fix CSP check
This commit is contained in:
parent
bddfd95ee4
commit
941d3bf2a9
|
@ -32,7 +32,7 @@ in
|
|||
};
|
||||
};
|
||||
services.mastodon = {
|
||||
extraConfig = {
|
||||
extraConfig = rec {
|
||||
S3_ENABLED = "true";
|
||||
S3_ENDPOINT = "http://s3.garage.localhost:3900";
|
||||
S3_REGION = "garage";
|
||||
|
@ -44,8 +44,7 @@ in
|
|||
S3_PROTOCOL = "http";
|
||||
S3_HOSTNAME = "web.garage.localhost:3902";
|
||||
# by default it tries to use "<S3_HOSTNAME>/<S3_BUCKET>"
|
||||
# but we want "<S3_BUCKET>.<S3_HOSTNAME>"
|
||||
S3_ALIAS_HOST = "mastodon.web.garage.localhost:3902";
|
||||
S3_ALIAS_HOST = "${S3_BUCKET}.${S3_HOSTNAME}";
|
||||
# SEE: the last section in https://docs.joinmastodon.org/admin/optional/object-storage/
|
||||
# TODO: can we set up ACLs with garage?
|
||||
S3_PERMISSION = "";
|
||||
|
|
|
@ -113,15 +113,21 @@ rebuildableTest {
|
|||
|
||||
with subtest("Content security policy allows garage images"):
|
||||
headers = server.succeed("xh -h http://masstodon.localhost:55001/public/local")
|
||||
csp_match = re.match('^Content-Security-Policy: (.*)$', headers, re.M)
|
||||
csp_match = None
|
||||
# I can't figure out re.MULTILINE
|
||||
for header in headers.split("\n"):
|
||||
csp_match = re.match('^Content-Security-Policy: (.*)$', header)
|
||||
if csp_match is not None:
|
||||
break
|
||||
if csp_match is None:
|
||||
raise Exception("mastodon did not send a content security policy header")
|
||||
csp = csp_match.group(1)
|
||||
# the content security policy should include the garage server
|
||||
garage_csp = re.match(".*web\.garage\.localhost:3902.*", csp)
|
||||
# the img-src content security policy should include the garage server
|
||||
garage_csp = re.match(".*; img-src[^;]*web\.garage\.localhost:3902.*", csp)
|
||||
if garage_csp is None:
|
||||
raise Exception("Mastodon's content security policy does not include garage server. image will not be displayed properly on mastodon.")
|
||||
|
||||
# this could in theory give a false positive if mastodon changes it's colorscheme to include pure green.
|
||||
with subtest("image displays"):
|
||||
server.succeed("selenium-script")
|
||||
server.copy_from_vm("/mastodon-screenshot.png", "")
|
||||
|
|
Loading…
Reference in a new issue