defmodule Legendary.CoreWeb.Router do
use Legendary.CoreWeb, :router
use Pow.Phoenix.Router
use Pow.Extension.Phoenix.Router,
extensions: [PowResetPassword, PowEmailConfirmation]
@host Application.compile_env(:core, :host)
@content_security_policy (case Mix.env() do
:prod ->
"default-src 'self';connect-src wss://#{@host};img-src 'self' blob:;font-src 'self' data:"
_ ->
"default-src 'self' 'unsafe-eval' 'unsafe-inline';" <>
"connect-src ws://#{@host}:*;" <>
"img-src 'self' blob: data:;"
"font-src 'self' data:;"
end)
pipeline :browser do
plug :accepts, ["html"]
plug :fetch_session
plug :fetch_flash
plug :protect_from_forgery
plug :put_secure_browser_headers, %{"content-security-policy" => @content_security_policy}
end
pipeline :api do
plug :accepts, ["json"]
end
scope "/" do
pipe_through :browser
pow_routes()
pow_extension_routes()
end
if Mix.env() in [:e2e, :test] do
forward("/end-to-end", Legendary.CoreWeb.Plug.TestEndToEnd, otp_app: :app)
end
end