restore missing extra_media_csp on CSP header

Fijxu 2025-05-21 17:03:04 -04:00
parent 9e4f78f360
commit f90b092692
No known key found for this signature in database
GPG Key ID: 32C1DDF333EDA6A4


@ -77,12 +77,6 @@ module Invidious::Routes::BeforeAll
extra_media_csp, extra_connect_csp = BackendInfo.get_csp(env.get("current_companion").as(Int32)) extra_media_csp, extra_connect_csp = BackendInfo.get_csp(env.get("current_companion").as(Int32))
end end
# Allow media resources to be loaded from google servers
# TODO: check if *.youtube.com can be removed
if CONFIG.disabled?("local") || !preferences.local
extra_media_csp += " https://*.googlevideo.com:443 https://*.youtube.com:443"
end
# Only allow the pages at /embed/* to be embedded # Only allow the pages at /embed/* to be embedded
if env.request.resource.starts_with?("/embed") if env.request.resource.starts_with?("/embed")
frame_ancestors = "'self' file: http: https:" frame_ancestors = "'self' file: http: https:"
@ -103,7 +97,7 @@ module Invidious::Routes::BeforeAll
"font-src 'self' data:", "font-src 'self' data:",
"connect-src 'self'" + extra_connect_csp, "connect-src 'self'" + extra_connect_csp,
"manifest-src 'self'", "manifest-src 'self'",
"media-src 'self' blob:", "media-src 'self' blob:" + extra_media_csp,
"child-src 'self' blob:", "child-src 'self' blob:",
"frame-src 'self'", "frame-src 'self'",
"frame-ancestors " + frame_ancestors, "frame-ancestors " + frame_ancestors,
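Review bot: On the new `media-src` line, `extra_media_csp` is appended verbatim to the header value, so the directive is only well-formed if that string starts with a space and holds nothing but source expressions; a `;`, `,` or line break in it would end `media-src` early or open another directive. The value visible here comes from `BackendInfo.get_csp`, whose implementation is not on this page, and once the first hunk drops the googlevideo/youtube append it is the only visible contributor to the media source list, so it is worth confirming that it is built from validated companion origins and that sessions where `CONFIG.disabled?("local") || !preferences.local` holds still receive the sources they need. I would add above the line `# extra_media_csp is appended verbatim: it must start with a space and hold only origins (no ';' or ',')`. The value `extra_media_csp` has when the enclosing `if` around the `get_csp` call is not taken is set outside the hunk.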