mirror of
https://github.com/iv-org/invidious.git
synced 2024-11-08 13:42:27 +05:30
Allow embedding videos in local HTML files (#4450)
The current Content Security Policy does not allow to embed videos inside local HTML files which are viewed in the browser via the file protocol. This commit adds the file protocol to the allowed frame ancestors, so that the embedded videos load correctly in local HTML files. This behaviour is consistent which how the official YouTube website allows to embed videos from itself. Closes issue 4448
This commit is contained in:
commit
5e0f55333a
@ -30,7 +30,7 @@ module Invidious::Routes::BeforeAll
|
|||||||
|
|
||||||
# Only allow the pages at /embed/* to be embedded
|
# Only allow the pages at /embed/* to be embedded
|
||||||
if env.request.resource.starts_with?("/embed")
|
if env.request.resource.starts_with?("/embed")
|
||||||
frame_ancestors = "'self' http: https:"
|
frame_ancestors = "'self' file: http: https:"
|
||||||
else
|
else
|
||||||
frame_ancestors = "'none'"
|
frame_ancestors = "'none'"
|
||||||
end
|
end
|
||||||
|
Loading…
Reference in New Issue
Block a user