routes: Allow embedding videos in local HTML files (fixes #4448)

The current Content Security Policy does not allow to embed videos
inside local HTML files which are viewed in the browser via the file
protocol. This commit adds the file protocol to the allowed frame
ancestors, so that the embedded videos load correctly in local HTML
files.

This behaviour is consistent which how the official YouTube website
allows to embed videos from itself.

Signed-off-by: Tomasz Wilczyński <twilczynski@naver.com>
This commit is contained in:
Tomasz Wilczyński 2024-02-24 20:01:16 +01:00
parent e8a36985af
commit 4adb4c00d2
No known key found for this signature in database
GPG key ID: E0CC5A2A40F9DDFB

View file

@ -30,7 +30,7 @@ module Invidious::Routes::BeforeAll
# Only allow the pages at /embed/* to be embedded # Only allow the pages at /embed/* to be embedded
if env.request.resource.starts_with?("/embed") if env.request.resource.starts_with?("/embed")
frame_ancestors = "'self' http: https:" frame_ancestors = "'self' file: http: https:"
else else
frame_ancestors = "'none'" frame_ancestors = "'none'"
end end