MetuFSS
/
metu.life
2
1
Fork 0
Code Issues Pull Requests Releases Wiki Activity

fix CSP / X-Frame-Options for media embeds (#9558)

Browse Source
master
jomo 6 years ago committed by Eugen Rochko
parent 857e8eb312
commit 2c1a6f746f
1 changed files with 5 additions and 0 deletions
Show all changes Ignore whitespace when comparing lines Ignore changes in amount of whitespace Ignore changes in whitespace at EOL
Show Stats Download Patch File Download Diff File
  1. 5
      app/controllers/media_controller.rb

5
app/controllers/media_controller.rb
Unescape View File

@ -6,12 +6,17 @@ class MediaController < ApplicationController
before_action :set_media_attachment
before_action :verify_permitted_status!
content_security_policy only: :player do |p|
p.frame_ancestors(false)
end
def show
redirect_to @media_attachment.file.url(:original)
end
def player
@body_classes = 'player'
response.headers['X-Frame-Options'] = 'ALLOWALL'
raise ActiveRecord::RecordNotFound unless @media_attachment.video? || @media_attachment.gifv?
end

Write Preview
Loading…
Cancel
Save