Verified Commit f4bfc628 authored by href's avatar href
Browse files

Player: allow styles on CSP, loop videos

parent aa9af1d6
......@@ -3,10 +3,10 @@ defmodule Pleroma.Web.Metadata.PlayerView do
import Phoenix.HTML.Tag, only: [content_tag: 3, tag: 2]
def render("player.html", %{"mediaType" => type, "href" => href}) do
tag_type =
{tag_type, tag_attrs} =
case type do
"audio" <> _ -> :audio
"video" <> _ -> :video
"audio" <> _ -> {:audio, []}
"video" <> _ -> {:video, [loop: true]}
end
content_tag(
......@@ -15,7 +15,7 @@ def render("player.html", %{"mediaType" => type, "href" => href}) do
tag(:source, src: href, type: type),
"Your browser does not support #{type} playback."
],
controls: true
[controls: true] ++ tag_attrs
)
end
end
......@@ -104,8 +104,8 @@ defp build_attachments(id, z = %{data: %{"attachment" => attachments}}) do
[
{:meta, [property: "twitter:card", content: "player"], []},
{:meta, [property: "twitter:player", content: player_url(id)], []},
{:meta, [property: "twitter:player:width", content: "1280"], []},
{:meta, [property: "twitter:player:height", content: "720"], []}
{:meta, [property: "twitter:player:width", content: "480"], []},
{:meta, [property: "twitter:player:height", content: "480"], []}
| acc
]
......
......@@ -197,7 +197,7 @@ def notice_player(conn, %{"id" => id}) do
|> put_resp_header("x-frame-options", "ALLOW")
|> put_resp_header(
"content-security-policy",
"default-src 'none'; img-src 'self' data: https:; media-src 'self' https:;"
"default-src 'none';style-src 'self' 'unsafe-inline';img-src 'self' data: https:; media-src 'self' https:;"
)
|> put_view(Pleroma.Web.Metadata.PlayerView)
|> render("player.html", url)
......
......@@ -3,10 +3,10 @@
<body>
<style type="text/css">
video {
video, audio {
width:100%;
max-width:600px;
height:auto;
height: auto;
}
</style>
......
Supports Markdown
0% or .
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment