CSP: Allow iframes on embed player

This commit is contained in:
href 2019-02-19 18:17:37 +01:00
parent 2d21ea1a0e
commit aa9af1d639
No known key found for this signature in database
GPG Key ID: EE8296C1A152C325

View File

@ -194,6 +194,11 @@ defmodule Pleroma.Web.OStatus.OStatusController do
true <- String.starts_with?(url["mediaType"], ["audio", "video"]) do
conn
|> put_layout(:metadata_player)
|> put_resp_header("x-frame-options", "ALLOW")
|> put_resp_header(
"content-security-policy",
"default-src 'none'; img-src 'self' data: https:; media-src 'self' https:;"
)
|> put_view(Pleroma.Web.Metadata.PlayerView)
|> render("player.html", url)
else