authorChocobozzz <me@florianbigard.com>2020-02-20 10:04:36 +0100
committerChocobozzz <me@florianbigard.com>2020-02-20 10:11:17 +0100
commitdfab4fa9c6d5b6f12ac844b191a51282b002d3f5 (patch)
treec453702157445168c89747833c57d91ff061bb4c /server/controllers
parent2db48acc46307f8f61a39ba073c3ef1ee31f2940 (diff)
Fix CSP for embeds
Diffstat (limited to 'server/controllers')
-rw-r--r--server/controllers/client.ts8
1 files changed, 7 insertions, 1 deletions
diff --git a/server/controllers/client.ts b/server/controllers/client.ts
index dc3ff18fc..56685f102 100644
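--- a/server/controllers/client.ts
+++ b/server/controllers/client.ts
@@ -2,10 +2,11 @@ import * as express from 'express'
 import { join } from 'path'
 import { root } from '../helpers/core-utils'
 import { ACCEPT_HEADERS, STATIC_MAX_AGE } from '../initializers/constants'
-import { asyncMiddleware } from '../middlewares'
+import { asyncMiddleware, embedCSP } from '../middlewares'
 import { buildFileLocale, getCompleteLocale, is18nLocale, LOCALE_FILES } from '../../shared/models/i18n/i18n'
 import { ClientHtml } from '../lib/client-html'
 import { logger } from '../helpers/logger'
+import { CONFIG } from '@server/initializers/config'
 
 const clientsRouter = express.Router()
 
@@ -19,8 +20,13 @@ clientsRouter.use('/videos/watch/:id', asyncMiddleware(generateWatchHtmlPage))
 clientsRouter.use('/accounts/:nameWithHost', asyncMiddleware(generateAccountHtmlPage))
 clientsRouter.use('/video-channels/:nameWithHost', asyncMiddleware(generateVideoChannelHtmlPage))
 
+const embedCSPMiddleware = CONFIG.CSP.ENABLED
+ ? embedCSP
+ : (req: express.Request, res: express.Response, next: express.NextFunction) => next()
+
 clientsRouter.use(
  '/videos/embed',
+ embedCSPMiddleware,
  (req: express.Request, res: express.Response) => {
  res.removeHeader('X-Frame-Options')
  res.sendFile(embedPath)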
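Review bot: `embedCSPMiddleware` is resolved once at module load from `CONFIG.CSP.ENABLED`, and nothing beside it says why `/videos/embed` gets its own policy while the handler also strips `X-Frame-Options`. I would add a comment above the constant such as `// Embeds are meant to be framed by other sites, so this route uses a dedicated CSP; chosen once at startup from CONFIG.CSP.ENABLED`. If a site-wide CSP middleware is also mounted ahead of this router (not visible in this diff), it is worth confirming that `embedCSP` replaces that header rather than adding a second one, since browsers enforce every policy they receive and the stricter one would still block framing. When CSP is disabled the route is served with neither a CSP nor `X-Frame-Options`, which looks intentional for embeds but should be stated. The `clientsRouter.use(` call continues past the end of the hunk.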