CSP enabled live setting
This commit is contained in:
parent
881a7cfa7a
commit
62d263c238
|
@ -16,7 +16,8 @@ object Dev extends LilaController {
|
|||
Env.irwin.irwinModeSetting,
|
||||
Env.api.assetVersionSetting,
|
||||
Env.explorer.indexFlowSetting,
|
||||
Env.report.scoreThresholdSetting
|
||||
Env.report.scoreThresholdSetting,
|
||||
Env.api.cspEnabledSetting
|
||||
)
|
||||
|
||||
def settings = Secure(_.Settings) { implicit ctx => me =>
|
||||
|
|
|
@ -54,6 +54,8 @@ object Environment
|
|||
|
||||
def contactEmailLink = Html(s"""<a href="mailto:$contactEmail">$contactEmail</a>""")
|
||||
|
||||
def cspEnabled = apiEnv.cspEnabledSetting.get _
|
||||
|
||||
def isChatPanicEnabled =
|
||||
lila.chat.Env.current.panic.enabled
|
||||
|
||||
|
|
|
@ -21,7 +21,7 @@ csp: Option[lila.common.ContentSecurityPolicy] = None)(body: Html)(implicit ctx:
|
|||
<!-- Lichess is open source! See https://github.com/ornicar/lila -->
|
||||
<head>
|
||||
<meta charset="utf-8">
|
||||
@if(isGranted(_.Beta)) {
|
||||
@if(cspEnabled()) {
|
||||
<meta http-equiv="Content-Security-Policy" content="@csp.getOrElse(defaultCsp)">
|
||||
}
|
||||
@if(isProd) {
|
||||
|
|
|
@ -67,6 +67,12 @@ final class Env(
|
|||
init = (config, db) => config.value max db.value
|
||||
)
|
||||
|
||||
val cspEnabledSetting = settingStore[Boolean](
|
||||
"cspEnabled",
|
||||
default = true,
|
||||
text = "Enable CSP for everyone.".some
|
||||
)
|
||||
|
||||
object Accessibility {
|
||||
val blindCookieName = config getString "accessibility.blind.cookie.name"
|
||||
val blindCookieMaxAge = config getInt "accessibility.blind.cookie.max_age"
|
||||
|
|
Loading…
Reference in a new issue