fix CSP check

Taeer Bar-Yam 2024-07-25 07:45:57 -04:00
parent bddfd95ee4
commit 941d3bf2a9
2 changed files with 11 additions and 6 deletions


@ -32,7 +32,7 @@ in
}; };
}; };
services.mastodon = { services.mastodon = {
extraConfig = { extraConfig = rec {
S3_ENABLED = "true"; S3_ENABLED = "true";
S3_ENDPOINT = "http://s3.garage.localhost:3900"; S3_ENDPOINT = "http://s3.garage.localhost:3900";
S3_REGION = "garage"; S3_REGION = "garage";
@ -44,8 +44,7 @@ in
S3_PROTOCOL = "http"; S3_PROTOCOL = "http";
S3_HOSTNAME = "web.garage.localhost:3902"; S3_HOSTNAME = "web.garage.localhost:3902";
# by default it tries to use "<S3_HOSTNAME>/<S3_BUCKET>" # by default it tries to use "<S3_HOSTNAME>/<S3_BUCKET>"
# but we want "<S3_BUCKET>.<S3_HOSTNAME>" S3_ALIAS_HOST = "${S3_BUCKET}.${S3_HOSTNAME}";
S3_ALIAS_HOST = "mastodon.web.garage.localhost:3902";
# SEE: the last section in https://docs.joinmastodon.org/admin/optional/object-storage/ # SEE: the last section in https://docs.joinmastodon.org/admin/optional/object-storage/
# TODO: can we set up ACLs with garage? # TODO: can we set up ACLs with garage?
S3_PERMISSION = ""; S3_PERMISSION = "";
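Review bot: Making `extraConfig` a `rec` set only to build `S3_ALIAS_HOST` puts every attribute of the set in scope for every value in it, so a key added later that shares a name with an outer binding would silently shadow that binding. A `let` holding the bucket and hostname around the set, with `S3_ALIAS_HOST = "${bucket}.${hostname}";` inside it, keeps the derivation explicit without widening the scope. `S3_BUCKET` is defined outside the visible hunks, so the resulting host cannot be confirmed from here; the removed literal suggests it is unchanged. With the "but we want" line gone, the remaining `# by default it tries to use ...` comment no longer says why the alias is set, so a short `# we want "<S3_BUCKET>.<S3_HOSTNAME>" instead` above the new line would restore that.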


@ -113,15 +113,21 @@ rebuildableTest {
with subtest("Content security policy allows garage images"): with subtest("Content security policy allows garage images"):
headers = server.succeed("xh -h http://masstodon.localhost:55001/public/local") headers = server.succeed("xh -h http://masstodon.localhost:55001/public/local")
csp_match = re.match('^Content-Security-Policy: (.*)$', headers, re.M) csp_match = None
# I can't figure out re.MULTILINE
for header in headers.split("\n"):
csp_match = re.match('^Content-Security-Policy: (.*)$', header)
if csp_match is not None:
break
if csp_match is None: if csp_match is None:
raise Exception("mastodon did not send a content security policy header") raise Exception("mastodon did not send a content security policy header")
csp = csp_match.group(1) csp = csp_match.group(1)
# the content security policy should include the garage server # the img-src content security policy should include the garage server
garage_csp = re.match(".*web\.garage\.localhost:3902.*", csp) garage_csp = re.match(".*; img-src[^;]*web\.garage\.localhost:3902.*", csp)
if garage_csp is None: if garage_csp is None:
raise Exception("Mastodon's content security policy does not include garage server. image will not be displayed properly on mastodon.") raise Exception("Mastodon's content security policy does not include garage server. image will not be displayed properly on mastodon.")
# this could in theory give a false positive if mastodon changes it's colorscheme to include pure green.
with subtest("image displays"): with subtest("image displays"):
server.succeed("selenium-script") server.succeed("selenium-script")
server.copy_from_vm("/mastodon-screenshot.png", "") server.copy_from_vm("/mastodon-screenshot.png", "")
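Review bot: The new `img-src` assertion is still a substring regex over the whole policy, so it fails if `img-src` is the first directive (nothing precedes it to match `; `) and passes for any source that merely contains `web.garage.localhost:3902`, such as a longer hostname or port. Splitting the policy on `;` and comparing the `img-src` source tokens against the expected host, as sketched below, checks what the subtest name promises and would also allow asserting the bucket-qualified alias host that the config now derives. On the header lookup, the original line failed because `re.match` only ever anchors at the start of the string, even with `re.M`. `csp_match = re.search(r'^Content-Security-Policy: (.*)$', headers, re.M | re.I)` replaces the loop and also accepts lower-cased header names, which are equally valid in HTTP.

```python
csp = csp_match.group(1)
garage_host = "web.garage.localhost:3902"
img_sources = []
for directive in csp.split(";"):
    name, *sources = directive.split() or [""]
    if name.lower() == "img-src":
        # drop an optional scheme so "http://host:port" and "host:port" compare equal
        img_sources = [src.split("://", 1)[-1] for src in sources]
if not any(src == garage_host or src.endswith("." + garage_host) for src in img_sources):
    # … unchanged: raise "content security policy does not include garage server" …
```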