author | Chocobozzz <me@florianbigard.com> | 2020-02-20 10:04:36 +0100 |
---|---|---|
committer | Chocobozzz <me@florianbigard.com> | 2020-02-20 10:11:17 +0100 |
commit | dfab4fa9c6d5b6f12ac844b191a51282b002d3f5 (patch) | |
tree | c453702157445168c89747833c57d91ff061bb4c /server/controllers | |
parent | 2db48acc46307f8f61a39ba073c3ef1ee31f2940 (diff) | |
Fix CSP for embeds
Diffstat (limited to 'server/controllers')
-rw-r--r-- | server/controllers/client.ts | 8 |
1 files changed, 7 insertions, 1 deletions
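--- a/server/controllers/client.ts
+++ b/server/controllers/client.ts
@@ -2,10 +2,11 @@ import * as express from 'express'
 import { join } from 'path'
 import { root } from '../helpers/core-utils'
 import { ACCEPT_HEADERS, STATIC_MAX_AGE } from '../initializers/constants'
-import { asyncMiddleware } from '../middlewares'
+import { asyncMiddleware, embedCSP } from '../middlewares'
 import { buildFileLocale, getCompleteLocale, is18nLocale, LOCALE_FILES } from '../../shared/models/i18n/i18n'
 import { ClientHtml } from '../lib/client-html'
 import { logger } from '../helpers/logger'
+import { CONFIG } from '@server/initializers/config'
 
 const clientsRouter = express.Router()
 
@@ -19,8 +20,13 @@ clientsRouter.use('/videos/watch/:id', asyncMiddleware(generateWatchHtmlPage))
 clientsRouter.use('/accounts/:nameWithHost', asyncMiddleware(generateAccountHtmlPage))
 clientsRouter.use('/video-channels/:nameWithHost', asyncMiddleware(generateVideoChannelHtmlPage))
 
+const embedCSPMiddleware = CONFIG.CSP.ENABLED
+? embedCSP
+: (req: express.Request, res: express.Response, next: express.NextFunction) => next()
+
 clientsRouter.use(
 '/videos/embed',
+embedCSPMiddleware,
 (req: express.Request, res: express.Response) => {
 res.removeHeader('X-Frame-Options')
 res.sendFile(embedPath)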
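Review bot: `embedCSPMiddleware` is chosen once, when the module is imported, so the `/videos/embed` route keeps whatever `CONFIG.CSP.ENABLED` held at startup; if that setting can change without a restart (not visible here), embed responses would silently keep the old policy. Because the handler right below also removes `X-Frame-Options`, the CSP header is presumably the only browser-side policy left on this route, which makes a per-request check worthwhile: `const embedCSPMiddleware = (req: express.Request, res: express.Response, next: express.NextFunction) => CONFIG.CSP.ENABLED ? embedCSP(req, res, next) : next()`. A one-line comment above it, for example `// Embeds are framed by third-party sites, so they get a dedicated CSP (only when CSP is enabled)`, would record why this route is treated differently, assuming that is the intent. The route handler's body continues past the end of the hunk, so what follows `res.sendFile(embedPath)` is not reviewed here.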