4 files changed, 32 insertions, 36 deletions
diff --git a/server/controllers/client.ts b/server/controllers/client.ts
index dc3ff18fc..56685f102 100644
--- a/server/controllers/client.ts
+++ b/server/controllers/client.ts
@@ -2,10 +2,11 @@ import * as express from 'express'
 import { join } from 'path'
 import { root } from '../helpers/core-utils'
 import { ACCEPT_HEADERS, STATIC_MAX_AGE } from '../initializers/constants'
-import { asyncMiddleware } from '../middlewares'
+import { asyncMiddleware, embedCSP } from '../middlewares'
 import { buildFileLocale, getCompleteLocale, is18nLocale, LOCALE_FILES } from '../../shared/models/i18n/i18n'
 import { ClientHtml } from '../lib/client-html'
 import { logger } from '../helpers/logger'
+import { CONFIG } from '@server/initializers/config'
 const clientsRouter = express.Router()
@@ -19,8 +20,13 @@ clientsRouter.use('/videos/watch/:id', asyncMiddleware(generateWatchHtmlPage))
 clientsRouter.use('/accounts/:nameWithHost', asyncMiddleware(generateAccountHtmlPage))
 clientsRouter.use('/video-channels/:nameWithHost', asyncMiddleware(generateVideoChannelHtmlPage))
+const embedCSPMiddleware = CONFIG.CSP.ENABLED
+  ? embedCSP
+  : (req: express.Request, res: express.Response, next: express.NextFunction) => next()
 clientsRouter.use(
  '/videos/embed',
+  embedCSPMiddleware,
  (req: express.Request, res: express.Response) => {
    res.removeHeader('X-Frame-Options')
    res.sendFile(embedPath)
diff --git a/server/lib/activitypub/actor.ts b/server/lib/activitypub/actor.ts
index f802658cf..0b21de0ca 100644
--- a/server/lib/activitypub/actor.ts
+++ b/server/lib/activitypub/actor.ts
@@ -176,8 +176,8 @@ async function updateActorAvatarInstance (actor: MActorDefault, info: AvatarInfo
  if (!info.name) return actor
  if (actor.Avatar) {
-    // Don't update the avatar if the filename did not change
+    // Don't update the avatar if the file URL did not change
-    if (actor.Avatar.fileUrl === info.fileUrl) return actor
+    if (info.fileUrl && actor.Avatar.fileUrl === info.fileUrl) return actor
    try {
      await actor.Avatar.destroy({ transaction: t })
diff --git a/server/lib/activitypub/process/process-follow.ts b/server/lib/activitypub/process/process-follow.ts
index 85f22d654..db7fb8568 100644
--- a/server/lib/activitypub/process/process-follow.ts
+++ b/server/lib/activitypub/process/process-follow.ts
@@ -59,7 +59,9 @@ async function processFollow (byActor: MActorSignature, targetActorURL: string)
      transaction: t
    })
-    if (actorFollow.state !== 'accepted' && CONFIG.FOLLOWERS.INSTANCE.MANUAL_APPROVAL === false) {
+    // Set the follow as accepted if the remote actor follows a channel or account
+    // Or if the instance automatically accepts followers
+    if (actorFollow.state !== 'accepted' && (isFollowingInstance === false || CONFIG.FOLLOWERS.INSTANCE.MANUAL_APPROVAL === false)) {
      actorFollow.state = 'accepted'
      await actorFollow.save({ transaction: t })
    }
diff --git a/server/models/video/video.ts b/server/models/video/video.ts
index eacffe186..a91a7663d 100644
--- a/server/models/video/video.ts
+++ b/server/models/video/video.ts
@@ -136,8 +136,7 @@ import {
  MVideoThumbnailBlacklist,
  MVideoWithAllFiles,
  MVideoWithFile,
-  MVideoWithRights,
+  MVideoWithRights
-  MStreamingPlaylistFiles
 } from '../../typings/models'
 import { MVideoFile, MVideoFileStreamingPlaylistVideo } from '../../typings/models/video/video-file'
 import { MThumbnail } from '../../typings/models/video/thumbnail'
@@ -437,42 +436,31 @@ export type AvailableForListIDsOptions = {
    }
    if (options.followerActorId) {
-      let localVideosReq: WhereOptions = {}
+      let localVideosReq = ''
      if (options.includeLocalVideos === true) {
-        localVideosReq = { remote: false }
+        localVideosReq = ' UNION ALL SELECT "video"."id" FROM "video" WHERE remote IS FALSE'
      }
      // Force actorId to be a number to avoid SQL injections
      const actorIdNumber = parseInt(options.followerActorId.toString(), 10)
      whereAnd.push({
-        [Op.or]: [
+        id: {
-          {
+          [Op.in]: Sequelize.literal(
-            id: {
+            '(' +
-              [ Op.in ]: Sequelize.literal(
+            'SELECT "videoShare"."videoId" AS "id" FROM "videoShare" ' +
-                '(' +
+            'INNER JOIN "actorFollow" ON "actorFollow"."targetActorId" = "videoShare"."actorId" ' +
-                'SELECT "videoShare"."videoId" AS "id" FROM "videoShare" ' +
+            'WHERE "actorFollow"."actorId" = ' + actorIdNumber +
-                'INNER JOIN "actorFollow" ON "actorFollow"."targetActorId" = "videoShare"."actorId" ' +
+            ' UNION ALL ' +
-                'WHERE "actorFollow"."actorId" = ' + actorIdNumber +
+            'SELECT "video"."id" AS "id" FROM "video" ' +
-                ')'
+            'INNER JOIN "videoChannel" ON "videoChannel"."id" = "video"."channelId" ' +
-              )
+            'INNER JOIN "account" ON "account"."id" = "videoChannel"."accountId" ' +
-            }
+            'INNER JOIN "actor" ON "account"."actorId" = "actor"."id" ' +
-          },
+            'INNER JOIN "actorFollow" ON "actorFollow"."targetActorId" = "actor"."id" ' +
-          {
+            'WHERE "actorFollow"."actorId" = ' + actorIdNumber +
-            id: {
+            localVideosReq +
-              [ Op.in ]: Sequelize.literal(
+            ')'
-                '(' +
+          )
-                'SELECT "video"."id" AS "id" FROM "video" ' +
+        }
-                'INNER JOIN "videoChannel" ON "videoChannel"."id" = "video"."channelId" ' +
-                'INNER JOIN "account" ON "account"."id" = "videoChannel"."accountId" ' +
-                'INNER JOIN "actor" ON "account"."actorId" = "actor"."id" ' +
-                'INNER JOIN "actorFollow" ON "actorFollow"."targetActorId" = "actor"."id" ' +
-                'WHERE "actorFollow"."actorId" = ' + actorIdNumber +
-                ')'
-              )
-            }
-          },
-          localVideosReq
-        ]
      })
    }