diff options
| author | Tomasz Wilczyński <twilczynski@naver.com> | 2024-02-24 20:01:16 +0100 |
|---|---|---|
| committer | Tomasz Wilczyński <twilczynski@naver.com> | 2024-02-24 20:01:16 +0100 |
| commit | 4adb4c00d2099ad7892579bfe4777d6f64a807a0 (patch) | |
| tree | 0805fbc94852ddf26071f6d3f43201a16a00dd13 /src | |
| parent | e8a36985aff1a5b33ddf9abea85dd2c23422c2f7 (diff) | |
| download | invidious-4adb4c00d2099ad7892579bfe4777d6f64a807a0.tar.gz invidious-4adb4c00d2099ad7892579bfe4777d6f64a807a0.tar.bz2 invidious-4adb4c00d2099ad7892579bfe4777d6f64a807a0.zip | |
routes: Allow embedding videos in local HTML files (fixes #4448)
The current Content Security Policy does not allow to embed videos
inside local HTML files which are viewed in the browser via the file
protocol. This commit adds the file protocol to the allowed frame
ancestors, so that the embedded videos load correctly in local HTML
files.
This behaviour is consistent which how the official YouTube website
allows to embed videos from itself.
Signed-off-by: Tomasz Wilczyński <twilczynski@naver.com>
Diffstat (limited to 'src')
| -rw-r--r-- | src/invidious/routes/before_all.cr | 2 |
1 files changed, 1 insertions, 1 deletions
diff --git a/src/invidious/routes/before_all.cr b/src/invidious/routes/before_all.cr index 396840a4..5695dee9 100644 --- a/src/invidious/routes/before_all.cr +++ b/src/invidious/routes/before_all.cr @@ -30,7 +30,7 @@ module Invidious::Routes::BeforeAll # Only allow the pages at /embed/* to be embedded if env.request.resource.starts_with?("/embed") - frame_ancestors = "'self' http: https:" + frame_ancestors = "'self' file: http: https:" else frame_ancestors = "'none'" end |