From 27b263eb5c72bf4cca0123a48faef5359c3bed97 Mon Sep 17 00:00:00 2001
From: Luke Hoersten <luke@hoersten.org>
Date: Sun, 17 Nov 2019 09:33:48 -0600
Subject: Added hardening settings.

---
 roles/pleroma/templates/prod.secret.exs.j2 | 10 ++++++++--
 1 file changed, 8 insertions(+), 2 deletions(-)

(limited to 'roles/pleroma/templates/prod.secret.exs.j2')

diff --git a/roles/pleroma/templates/prod.secret.exs.j2 b/roles/pleroma/templates/prod.secret.exs.j2
index 85b0bbb..c9b292d 100644
--- a/roles/pleroma/templates/prod.secret.exs.j2
+++ b/roles/pleroma/templates/prod.secret.exs.j2
@@ -2,8 +2,14 @@ use Mix.Config
 
 config :pleroma, Pleroma.Web.Endpoint,
    url: [host: "{{pleroma_link_host}}", scheme: "{{pleroma_link_scheme}}", port: {{pleroma_link_port}}],
-   http: [port: {{pleroma_port}}],
-   secret_key_base: "{{pleroma_secret_key}}"
+   http: [port: {{pleroma_port}}, ip: {127, 0, 0, 1}],
+   secret_key_base: "{{pleroma_secret_key}}",
+   secure_cookie_flag: true,
+   http_security: true
+
+config :pleroma, :http_security,
+  sts: true,
+  referrer_policy: "same-origin"
 
 config :pleroma, :instance,
   name: "{{pleroma_instance_name}}",
-- 
cgit v1.2.3