% Licensed under the Apache License, Version 2.0 (the "License"); you may not
% use this file except in compliance with the License. You may obtain a copy of
% the License at
%
%   http://www.apache.org/licenses/LICENSE-2.0
%
% Unless required by applicable law or agreed to in writing, software
% distributed under the License is distributed on an "AS IS" BASIS, WITHOUT
% WARRANTIES OR CONDITIONS OF ANY KIND, either express or implied. See the
% License for the specific language governing permissions and limitations under
% the License.

-module(chttpd_util).

-export([
    get_chttpd_config/1,
    get_chttpd_config/2,
    get_chttpd_config_integer/2,
    get_chttpd_config_boolean/2,
    get_chttpd_auth_config/1,
    get_chttpd_auth_config/2,
    get_chttpd_auth_config_integer/2,
    get_chttpd_auth_config_boolean/2,
    maybe_add_csp_header/3
]).

%% Every getter below reads a key from a current config section and passes
%% the value found in the older section as the third argument of the config
%% call. That argument appears to be the default used when the key is absent
%% (see the Default parameters below) -- confirm against the config module.
%% The older section is always read first, even when the current one has
%% the key.

%% @doc Value of Key from "chttpd", with the "httpd" value as fallback.
get_chttpd_config(Key) ->
    Fallback = config:get("httpd", Key),
    config:get("chttpd", Key, Fallback).

%% @doc Same lookup as get_chttpd_config/1, with Default handed to the
%% "httpd" read.
get_chttpd_config(Key, Default) ->
    Fallback = config:get("httpd", Key, Default),
    config:get("chttpd", Key, Fallback).

%% @doc Integer variant: "chttpd" first, then "httpd", then Default.
get_chttpd_config_integer(Key, Default) ->
    Fallback = config:get_integer("httpd", Key, Default),
    config:get_integer("chttpd", Key, Fallback).

%% @doc Boolean variant: "chttpd" first, then "httpd", then Default.
get_chttpd_config_boolean(Key, Default) ->
    Fallback = config:get_boolean("httpd", Key, Default),
    config:get_boolean("chttpd", Key, Fallback).

%% The auth getters use the same two-step lookup, so a key that exists only
%% in "couch_httpd_auth" still takes effect. When auditing authentication
%% settings, check both sections.

%% @doc Value of Key from "chttpd_auth", with the "couch_httpd_auth" value
%% as fallback.
get_chttpd_auth_config(Key) ->
    Fallback = config:get("couch_httpd_auth", Key),
    config:get("chttpd_auth", Key, Fallback).

%% @doc Same lookup as get_chttpd_auth_config/1, with Default handed to the
%% "couch_httpd_auth" read.
get_chttpd_auth_config(Key, Default) ->
    Fallback = config:get("couch_httpd_auth", Key, Default),
    config:get("chttpd_auth", Key, Fallback).

%% @doc Integer variant: "chttpd_auth" first, then "couch_httpd_auth", then
%% Default.
get_chttpd_auth_config_integer(Key, Default) ->
    Fallback = config:get_integer("couch_httpd_auth", Key, Default),
    config:get_integer("chttpd_auth", Key, Fallback).

%% @doc Boolean variant: "chttpd_auth" first, then "couch_httpd_auth", then
%% Default.
get_chttpd_auth_config_boolean(Key, Default) ->
    Fallback = config:get_boolean("couch_httpd_auth", Key, Default),
    config:get_boolean("chttpd_auth", Key, Fallback).
%% @doc Prepend a Content-Security-Policy header for Component when enabled.
%%
%% Reads "<Component>_enable" (true is passed as the default) and
%% "<Component>_header_value" (DefaultHeaderValue is passed as the default)
%% from the "csp" config section. Component must be a string, because it is
%% joined to the key suffix with ++. Returns OriginalHeaders, with or without
%% the new header at the front.
%%
%% NOTE(review): for "utils", a false "utils_enable" hands the decision to
%% the legacy "enable" key, for which true is passed as the default. The
%% header is therefore still sent unless both keys are false -- confirm this
%% is intended.
%% NOTE(review): the header value is taken from config as-is; nothing in
%% this function validates it.
maybe_add_csp_header(Component, OriginalHeaders, DefaultHeaderValue) ->
    case config:get_boolean("csp", Component ++ "_enable", true) of
        true ->
            Policy = config:get("csp", Component ++ "_header_value", DefaultHeaderValue),
            % Per https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy#multiple_content_security_policies
            % a further Content-Security-Policy header can only tighten what
            % an earlier one allows, never relax it. Ours is prepended, so
            % headers set later by show/list functions can narrow the policy
            % but cannot widen it.
            [{"Content-Security-Policy", Policy} | OriginalHeaders];
        false when Component =:= "utils" ->
            % Only "utils" falls back to the old config keys.
            handle_legacy_config(OriginalHeaders, DefaultHeaderValue);
        false ->
            OriginalHeaders
    end.

%% Apply the legacy "enable" / "header_value" keys of the "csp" section.
%% Prepends the header unless "enable" reads as false; true is passed as the
%% default for "enable" and DefaultHeaderValue for "header_value".
handle_legacy_config(OriginalHeaders, DefaultHeaderValue) ->
    case config:get_boolean("csp", "enable", true) of
        true ->
            LegacyPolicy = config:get("csp", "header_value", DefaultHeaderValue),
            [{"Content-Security-Policy", LegacyPolicy} | OriginalHeaders];
        false ->
            OriginalHeaders
    end.