mirrors/nadeko_invidious
1
0
Fork 0
mirror of https://git.nadeko.net/Fijxu/invidious.git synced 2026-01-26 00:31:38 +00:00
Code Issues Actions 4 Packages Projects Releases Wiki Activity

refactor CSP and fix non proxied videoplayback due to CSP
Some checks failed
Build and release container directly from master / release (push) Has been cancelled
Details
Invidious CI / build - crystal: ${{ matrix.crystal }}, stable: ${{ matrix.stable }} (1.10.1, true) (push) Has been cancelled
Details
Invidious CI / build - crystal: ${{ matrix.crystal }}, stable: ${{ matrix.stable }} (1.11.2, true) (push) Has been cancelled
Details
Invidious CI / build - crystal: ${{ matrix.crystal }}, stable: ${{ matrix.stable }} (1.12.1, true) (push) Has been cancelled
Details
Invidious CI / build - crystal: ${{ matrix.crystal }}, stable: ${{ matrix.stable }} (1.13.2, true) (push) Has been cancelled
Details
Invidious CI / build - crystal: ${{ matrix.crystal }}, stable: ${{ matrix.stable }} (1.14.0, true) (push) Has been cancelled
Details
Invidious CI / build - crystal: ${{ matrix.crystal }}, stable: ${{ matrix.stable }} (nightly, false) (push) Has been cancelled
Details
Invidious CI / build-docker (push) Has been cancelled
Details
Invidious CI / build-docker-arm64 (push) Has been cancelled
Details
Invidious CI / lint (push) Has been cancelled
Details

Browse Source 
Probably fixes https://git.nadeko.net/Fijxu/invidious/issues/65
This commit is contained in:
Fijxu
2024-12-30 19:40:26 -03:00
parent 391659780d
commit 30c0b5059d
5 changed files with 24 additions and 12 deletions
Download Patch File Download Diff File Expand all files Collapse all files

23
src/invidious/routes/before_all.cr
View File

@@ -20,12 +20,25 @@ module Invidious::Routes::BeforeAll
env.response.headers["X-XSS-Protection"] = "1; mode=block"
env.response.headers["X-Content-Type-Options"] = "nosniff"
extra_media_csp = ""
extra_connect_csp = ""
if CONFIG.invidious_companion.present?
extra_media_csp = " #{CONFIG.invidious_companion.sample.public_url}"
extra_connect_csp = " #{CONFIG.invidious_companion.sample.public_url}"
end
if !CONFIG.external_videoplayback_proxy.empty?
CONFIG.external_videoplayback_proxy.each do |proxy|
extra_media_csp += " #{proxy}"
extra_connect_csp += " #{proxy}"
end
end
# Allow media resources to be loaded from google servers
# TODO: check if *.youtube.com can be removed
if CONFIG.disabled?("local") || !preferences.local
extra_media_csp = " https://*.googlevideo.com:443 https://*.youtube.com:443"
else
extra_media_csp = ""
extra_media_csp += " https://*.googlevideo.com:443 https://*.youtube.com:443"
end
# Only allow the pages at /embed/* to be embedded
@@ -43,9 +56,9 @@ module Invidious::Routes::BeforeAll
"style-src 'self' 'unsafe-inline'",
"img-src 'self' data:",
"font-src 'self' data:",
"connect-src 'self'" + CONFIG.invidious_companion.sample.public_url + EXT_VIDEOP_LIST,
"connect-src 'self'" + extra_connect_csp,
"manifest-src 'self'",
"media-src 'self' blob:" + extra_media_csp + CONFIG.invidious_companion.sample.public_url + EXT_VIDEOP_LIST,
"media-src 'self' blob:" + extra_media_csp,
"child-src 'self' blob:",
"frame-src 'self'",
"frame-ancestors " + frame_ancestors,