From: href Date: Tue, 19 Feb 2019 17:17:37 +0000 (+0100) Subject: CSP: Allow iframes on embed player X-Git-Url: http://git.squeep.com/?a=commitdiff_plain;h=aa9af1d639c21787acab7e09ef8d45b443793e2a;p=akkoma CSP: Allow iframes on embed player --- diff --git a/lib/pleroma/web/ostatus/ostatus_controller.ex b/lib/pleroma/web/ostatus/ostatus_controller.ex index 860b8210e..4877e032b 100644 --- a/lib/pleroma/web/ostatus/ostatus_controller.ex +++ b/lib/pleroma/web/ostatus/ostatus_controller.ex @@ -194,6 +194,11 @@ defmodule Pleroma.Web.OStatus.OStatusController do true <- String.starts_with?(url["mediaType"], ["audio", "video"]) do conn |> put_layout(:metadata_player) + |> put_resp_header("x-frame-options", "ALLOW") + |> put_resp_header( + "content-security-policy", + "default-src 'none'; img-src 'self' data: https:; media-src 'self' https:;" + ) |> put_view(Pleroma.Web.Metadata.PlayerView) |> render("player.html", url) else