Verified Commit aa9af1d6 authored by href's avatar href
Browse files

CSP: Allow iframes on embed player

parent 2d21ea1a
......@@ -194,6 +194,11 @@ def notice_player(conn, %{"id" => id}) do
true <- String.starts_with?(url["mediaType"], ["audio", "video"]) do
|> put_layout(:metadata_player)
|> put_resp_header("x-frame-options", "ALLOW")
|> put_resp_header(
"default-src 'none'; img-src 'self' data: https:; media-src 'self' https:;"
|> put_view(Pleroma.Web.Metadata.PlayerView)
|> render("player.html", url)
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment