CSP: Allow iframes on embed player
This commit is contained in:
parent
2d21ea1a0e
commit
aa9af1d639
|
@ -194,6 +194,11 @@ def notice_player(conn, %{"id" => id}) do
|
||||||
true <- String.starts_with?(url["mediaType"], ["audio", "video"]) do
|
true <- String.starts_with?(url["mediaType"], ["audio", "video"]) do
|
||||||
conn
|
conn
|
||||||
|> put_layout(:metadata_player)
|
|> put_layout(:metadata_player)
|
||||||
|
|> put_resp_header("x-frame-options", "ALLOW")
|
||||||
|
|> put_resp_header(
|
||||||
|
"content-security-policy",
|
||||||
|
"default-src 'none'; img-src 'self' data: https:; media-src 'self' https:;"
|
||||||
|
)
|
||||||
|> put_view(Pleroma.Web.Metadata.PlayerView)
|
|> put_view(Pleroma.Web.Metadata.PlayerView)
|
||||||
|> render("player.html", url)
|
|> render("player.html", url)
|
||||||
else
|
else
|
||||||
|
|
Loading…
Reference in New Issue