mirrors/rimgo
1
0
Fork 0
mirror of https://codeberg.org/video-prize-ranch/rimgo.git synced 2025-06-28 07:58:23 +00:00
Code Issues Projects Releases Wiki Activity

Fix CSP for cloudfront media

Browse Source
This commit is contained in:
video-prize-ranch 2022-01-28 18:27:38 -05:00
parent 668df16fd2
commit be24ab2342
No known key found for this signature in database
GPG Key ID: D8EAA4C5B12A7281
3 changed files with 6 additions and 3 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

3
api/comments.go
View File

@ -55,6 +55,9 @@ func ParseComment(data gjson.Result) types.Comment {
deletedAt, _ := utils.FormatDate(data.Get("deleted_at").String()) deletedAt, _ := utils.FormatDate(data.Get("deleted_at").String())
userAvatar := strings.ReplaceAll(data.Get("account.avatar").String(), "https://i.imgur.com", "") userAvatar := strings.ReplaceAll(data.Get("account.avatar").String(), "https://i.imgur.com", "")
if viper.GetBool("CF_ALL_MEDIA") {
userAvatar = viper.GetString("CF_MEDIA_DISTRIBUTION") + userAvatar
}
wg := sync.WaitGroup{} wg := sync.WaitGroup{}
comments := make([]types.Comment, 0) comments := make([]types.Comment, 0)

2
pages/gallery.go
View File

@ -9,7 +9,7 @@ import (
func HandleGallery(c *fiber.Ctx) error { func HandleGallery(c *fiber.Ctx) error {
utils.SetHeaders(c) utils.SetHeaders(c)
c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'self'; img-src 'self'; font-src 'self'; block-all-mixed-content") c.Set("Content-Security-Policy", "default-src 'none'; style-src 'self'; media-src 'self' *.cloudfront.net; img-src 'self' *.cloudfront.net; font-src 'self'; block-all-mixed-content")
album, err := api.FetchAlbum(c.Params("galleryID")) album, err := api.FetchAlbum(c.Params("galleryID"))
if err != nil { if err != nil {

2
pages/user.go
View File

@ -12,7 +12,7 @@ import (
func HandleUser(c *fiber.Ctx) error { func HandleUser(c *fiber.Ctx) error {
utils.SetHeaders(c) utils.SetHeaders(c)
c.Set("Cache-Control", "public,max-age=604800") c.Set("Cache-Control", "public,max-age=604800")
c.Set("Content-Security-Policy", "default-src 'none'; media-src 'self'; style-src 'unsafe-inline' 'self'; img-src 'self'; font-src 'self'; block-all-mixed-content") c.Set("Content-Security-Policy", "default-src 'none'; style-src 'self' 'unsafe-inline'; media-src 'self' *.cloudfront.net; img-src 'self' *.cloudfront.net; font-src 'self'; block-all-mixed-content")
wg := sync.WaitGroup{} wg := sync.WaitGroup{}
wg.Add(2) wg.Add(2)