authorLibravatar Daenney <daenney@users.noreply.github.com>2023-08-12 12:21:48 +0200
committerLibravatar GitHub <noreply@github.com>2023-08-12 12:21:48 +0200
commit5e368d308942b8727e3086065a515d5fc9808e50 (patch)
treea4dd31d6f9d514abcb8cd1b06edb6831510b1cd3 /internal/middleware/middleware_test.go
parent[bugfix] Add s3 endpoint as image-src and media-src for CSP (#2103) (diff)
[bugfix] CSP policy fixes for S3/object storage (#2104)
* [bugfix] CSP policy fixes for S3 in non-proxied mode * It should be img-src * In both img-src and media-src we still need to include 'self'
Diffstat (limited to 'internal/middleware/middleware_test.go')
-rw-r--r--internal/middleware/middleware_test.go8
1 files changed, 4 insertions, 4 deletions
diff --git a/internal/middleware/middleware_test.go b/internal/middleware/middleware_test.go
index fecae5dd1..81c7c0be1 100644
--- a/internal/middleware/middleware_test.go
+++ b/internal/middleware/middleware_test.go
@@ -44,25 +44,25 @@ func TestBuildContentSecurityPolicy(t *testing.T) {
s3Endpoint: "some-bucket-provider.com",
s3Proxy: false,
s3Secure: true,
- expected: "default-src 'self'; image-src https://some-bucket-provider.com; media-src https://some-bucket-provider.com",
+ expected: "default-src 'self'; img-src 'self' https://some-bucket-provider.com; media-src 'self' https://some-bucket-provider.com",
},
{
s3Endpoint: "some-bucket-provider.com:6969",
s3Proxy: false,
s3Secure: true,
- expected: "default-src 'self'; image-src https://some-bucket-provider.com:6969; media-src https://some-bucket-provider.com:6969",
+ expected: "default-src 'self'; img-src 'self' https://some-bucket-provider.com:6969; media-src 'self' https://some-bucket-provider.com:6969",
},
{
s3Endpoint: "some-bucket-provider.com:6969",
s3Proxy: false,
s3Secure: false,
- expected: "default-src 'self'; image-src http://some-bucket-provider.com:6969; media-src http://some-bucket-provider.com:6969",
+ expected: "default-src 'self'; img-src 'self' http://some-bucket-provider.com:6969; media-src 'self' http://some-bucket-provider.com:6969",
},
{
s3Endpoint: "s3.nl-ams.scw.cloud",
s3Proxy: false,
s3Secure: true,
- expected: "default-src 'self'; image-src https://s3.nl-ams.scw.cloud; media-src https://s3.nl-ams.scw.cloud",
+ expected: "default-src 'self'; img-src 'self' https://s3.nl-ams.scw.cloud; media-src 'self' https://s3.nl-ams.scw.cloud",
},
{
s3Endpoint: "some-bucket-provider.com",
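Review bot: The four updated `expected` values (the `s3Proxy: false` cases) are still hand-typed whole-policy literals, so the test only proves the builder matches what was typed here; that is how `image-src`, which is not a CSP directive and which browsers ignore, passed on the old side of this diff. Consider also asserting in TestBuildContentSecurityPolicy that every directive name in the built policy belongs to a small known set (`default-src`, `img-src`, `media-src`), so a misspelt directive fails the test instead of silently leaving images governed by `default-src 'self'`. A comment above these cases would record why the strings look the way they do: `// img-src/media-src replace default-src rather than extend it, so 'self' must be repeated.` The test table and the function body continue outside this hunk.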