diff options
author | Rigel Kent <sendmemail@rigelk.eu> | 2018-07-16 09:02:08 +0200 |
---|---|---|
committer | Rigel Kent <par@rigelk.eu> | 2018-07-17 12:03:31 +0200 |
commit | d00e2393d4269c0b4e280753e5f82ac06bd218c6 (patch) | |
tree | 93b25f059422413e8d81beddec4d256228f6c687 /server | |
parent | a7dbc7dfc7a84b419a9b55d4a89e9a6e12384ae1 (diff) | |
download | PeerTube-d00e2393d4269c0b4e280753e5f82ac06bd218c6.tar.gz PeerTube-d00e2393d4269c0b4e280753e5f82ac06bd218c6.tar.zst PeerTube-d00e2393d4269c0b4e280753e5f82ac06bd218c6.zip |
selective route permission to use embeds with x-frame-deny
Diffstat (limited to 'server')
-rw-r--r-- | server/controllers/client.ts | 10 |
1 files changed, 7 insertions, 3 deletions
diff --git a/server/controllers/client.ts b/server/controllers/client.ts index bfdf35021..13ca15e9d 100644 --- a/server/controllers/client.ts +++ b/server/controllers/client.ts | |||
@@ -1,5 +1,6 @@ | |||
1 | import * as Bluebird from 'bluebird' | 1 | import * as Bluebird from 'bluebird' |
2 | import * as express from 'express' | 2 | import * as express from 'express' |
3 | import * as helmet from 'helmet' | ||
3 | import { join } from 'path' | 4 | import { join } from 'path' |
4 | import * as validator from 'validator' | 5 | import * as validator from 'validator' |
5 | import { escapeHTML, readFileBufferPromise, root } from '../helpers/core-utils' | 6 | import { escapeHTML, readFileBufferPromise, root } from '../helpers/core-utils' |
@@ -30,9 +31,12 @@ clientsRouter.use('/videos/watch/:id', | |||
30 | ) | 31 | ) |
31 | 32 | ||
32 | clientsRouter.use('' + | 33 | clientsRouter.use('' + |
33 | '/videos/embed', (req: express.Request, res: express.Response, next: express.NextFunction) => { | 34 | '/videos/embed', |
34 | res.sendFile(embedPath) | 35 | (req: express.Request, res: express.Response, next: express.NextFunction) => { |
35 | }) | 36 | res.removeHeader('X-Frame-Options') |
37 | res.sendFile(embedPath) | ||
38 | } | ||
39 | ) | ||
36 | clientsRouter.use('' + | 40 | clientsRouter.use('' + |
37 | '/videos/test-embed', (req: express.Request, res: express.Response, next: express.NextFunction) => { | 41 | '/videos/test-embed', (req: express.Request, res: express.Response, next: express.NextFunction) => { |
38 | res.sendFile(testEmbedPath) | 42 | res.sendFile(testEmbedPath) |