X-Git-Url: https://git.immae.eu/?a=blobdiff_plain;f=server%2Fcontrollers%2Fclient.ts;h=08c0f1fa61b40958a01538086104abf30cfcdbed;hb=399b3bc9a638482e93de27a99a372b45fc3ece43;hp=e4643e1711dc68a92b9b2c9158e2ca74536ebf00;hpb=a30a136c9896c656cab98d2c92cde32c534dc098;p=github%2FChocobozzz%2FPeerTube.git

diff --git a/server/controllers/client.ts b/server/controllers/client.ts
index e4643e171..08c0f1fa6 100644
--- a/server/controllers/client.ts
+++ b/server/controllers/client.ts
@@ -2,10 +2,11 @@ import * as express from 'express'
 import { join } from 'path'
 import { root } from '../helpers/core-utils'
 import { ACCEPT_HEADERS, STATIC_MAX_AGE } from '../initializers/constants'
-import { asyncMiddleware } from '../middlewares'
+import { asyncMiddleware, embedCSP } from '../middlewares'
 import { buildFileLocale, getCompleteLocale, is18nLocale, LOCALE_FILES } from '../../shared/models/i18n/i18n'
 import { ClientHtml } from '../lib/client-html'
 import { logger } from '../helpers/logger'
+import { CONFIG } from '@server/initializers/config'
 
 const clientsRouter = express.Router()
 
@@ -19,8 +20,13 @@ clientsRouter.use('/videos/watch/:id', asyncMiddleware(generateWatchHtmlPage))
 clientsRouter.use('/accounts/:nameWithHost', asyncMiddleware(generateAccountHtmlPage))
 clientsRouter.use('/video-channels/:nameWithHost', asyncMiddleware(generateVideoChannelHtmlPage))
 
+const embedCSPMiddleware = CONFIG.CSP.ENABLED
+  ? embedCSP
+  : (req: express.Request, res: express.Response, next: express.NextFunction) => next()
+
 clientsRouter.use(
   '/videos/embed',
+  embedCSPMiddleware,
   (req: express.Request, res: express.Response) => {
     res.removeHeader('X-Frame-Options')
     res.sendFile(embedPath)
@@ -70,7 +76,7 @@ function serveServerTranslations (req: express.Request, res: express.Response) {
   const locale = req.params.locale
   const file = req.params.file
 
-  if (is18nLocale(locale) && LOCALE_FILES.indexOf(file) !== -1) {
+  if (is18nLocale(locale) && LOCALE_FILES.includes(file)) {
     const completeLocale = getCompleteLocale(locale)
     const completeFileLocale = buildFileLocale(completeLocale)