fix CSP check
parent
bddfd95ee4
commit
941d3bf2a9
|
@ -32,7 +32,7 @@ in
|
||||||
};
|
};
|
||||||
};
|
};
|
||||||
services.mastodon = {
|
services.mastodon = {
|
||||||
extraConfig = {
|
extraConfig = rec {
|
||||||
S3_ENABLED = "true";
|
S3_ENABLED = "true";
|
||||||
S3_ENDPOINT = "http://s3.garage.localhost:3900";
|
S3_ENDPOINT = "http://s3.garage.localhost:3900";
|
||||||
S3_REGION = "garage";
|
S3_REGION = "garage";
|
||||||
|
@ -44,8 +44,7 @@ in
|
||||||
S3_PROTOCOL = "http";
|
S3_PROTOCOL = "http";
|
||||||
S3_HOSTNAME = "web.garage.localhost:3902";
|
S3_HOSTNAME = "web.garage.localhost:3902";
|
||||||
# by default it tries to use "<S3_HOSTNAME>/<S3_BUCKET>"
|
# by default it tries to use "<S3_HOSTNAME>/<S3_BUCKET>"
|
||||||
# but we want "<S3_BUCKET>.<S3_HOSTNAME>"
|
S3_ALIAS_HOST = "${S3_BUCKET}.${S3_HOSTNAME}";
|
||||||
S3_ALIAS_HOST = "mastodon.web.garage.localhost:3902";
|
|
||||||
# SEE: the last section in https://docs.joinmastodon.org/admin/optional/object-storage/
|
# SEE: the last section in https://docs.joinmastodon.org/admin/optional/object-storage/
|
||||||
# TODO: can we set up ACLs with garage?
|
# TODO: can we set up ACLs with garage?
|
||||||
S3_PERMISSION = "";
|
S3_PERMISSION = "";
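Review bot: The comment kept above `S3_ALIAS_HOST` now stops at `# by default it tries to use "<S3_HOSTNAME>/<S3_BUCKET>"`, because its second half appears to have been dropped together with the hard-coded value, so the reason for the override is no longer stated; I would keep `# but we want "<S3_BUCKET>.<S3_HOSTNAME>"` directly above the new line. Separately, `extraConfig = rec {` makes every attribute in the set visible to every other one, and `S3_BUCKET` is not among the lines shown here, so it is presumably defined in the part of the set between the two hunks. A `let` binding for the bucket and hostname would keep the interpolation without making the whole set recursive. The test later on this page looks for this host in the `img-src` directive, so a one-line comment that the allowed image source presumably follows this value would help whoever renames the bucket.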
|
||||||
|
|
|
@ -113,15 +113,21 @@ rebuildableTest {
|
||||||
|
|
||||||
with subtest("Content security policy allows garage images"):
|
with subtest("Content security policy allows garage images"):
|
||||||
headers = server.succeed("xh -h http://masstodon.localhost:55001/public/local")
|
headers = server.succeed("xh -h http://masstodon.localhost:55001/public/local")
|
||||||
csp_match = re.match('^Content-Security-Policy: (.*)$', headers, re.M)
|
csp_match = None
|
||||||
|
# I can't figure out re.MULTILINE
|
||||||
|
for header in headers.split("\n"):
|
||||||
|
csp_match = re.match('^Content-Security-Policy: (.*)$', header)
|
||||||
|
if csp_match is not None:
|
||||||
|
break
|
||||||
if csp_match is None:
|
if csp_match is None:
|
||||||
raise Exception("mastodon did not send a content security policy header")
|
raise Exception("mastodon did not send a content security policy header")
|
||||||
csp = csp_match.group(1)
|
csp = csp_match.group(1)
|
||||||
# the content security policy should include the garage server
|
# the img-src content security policy should include the garage server
|
||||||
garage_csp = re.match(".*web\.garage\.localhost:3902.*", csp)
|
garage_csp = re.match(".*; img-src[^;]*web\.garage\.localhost:3902.*", csp)
|
||||||
if garage_csp is None:
|
if garage_csp is None:
|
||||||
raise Exception("Mastodon's content security policy does not include garage server. image will not be displayed properly on mastodon.")
|
raise Exception("Mastodon's content security policy does not include garage server. image will not be displayed properly on mastodon.")
|
||||||
|
|
||||||
|
# this could in theory give a false positive if mastodon changes it's colorscheme to include pure green.
|
||||||
with subtest("image displays"):
|
with subtest("image displays"):
|
||||||
server.succeed("selenium-script")
|
server.succeed("selenium-script")
|
||||||
server.copy_from_vm("/mastodon-screenshot.png", "")
|
server.copy_from_vm("/mastodon-screenshot.png", "")
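Review bot: The new `img-src` pattern only matches when the directive is preceded by `; `, so a policy that lists `img-src` first, or separates directives with a bare `;`, would fail this subtest even though the garage host is allowed; `re.search(r"(?:^|;)\s*img-src[^;]*web\.garage\.localhost:3902", csp)` covers both, and the raw string avoids Python's invalid-escape warning for `\.`. The host is still matched as a substring, so any source ending in `web.garage.localhost:3902` satisfies the check, which is fine for the bucket subdomain but deserves a comment. The header loop works, but the original call failed because `re.match` anchors at the start of the whole string even with `re.M`; `re.search(r'^Content-Security-Policy: (.*)$', headers, re.M)` would replace both the loop and the "I can't figure out re.MULTILINE" comment. Header names are case-insensitive, so adding `re.I` to that search is safer if the server or a proxy ever lowercases them.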
|
||||||
|
|