author | ThibG <thib@sitedethib.com> | 2018-12-18 19:37:07 +0100 |
---|---|---|
committer | GitHub <noreply@github.com> | 2018-12-18 19:37:07 +0100 |
commit | 74ee5bdf37799fba5990a6b492e3d52c32efe8d7 (patch) | |
tree | afdeb6b23ff4d7bd5e53c4e13cb2c3dfafb4b986 /app/controllers/media_controller.rb | |
parent | 36d27e289177fdec5332539c94b8192022a412f2 (diff) | |
parent | 0ef2c1415a13d305d4c73c71f27a1366eee702a0 (diff) |
Merge pull request #862 from ThibG/glitch-soc/merge-upstream
Merge upstream changes
Diffstat (limited to 'app/controllers/media_controller.rb')
-rw-r--r-- | app/controllers/media_controller.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/app/controllers/media_controller.rb b/app/controllers/media_controller.rb
index 88c7232dd..8e1624ce1 100644
--- a/app/controllers/media_controller.rb
+++ b/app/controllers/media_controller.rb
@@ -6,12 +6,17 @@ class MediaController < ApplicationController
 before_action :set_media_attachment
 before_action :verify_permitted_status!
+ content_security_policy only: :player do |p|
+ p.frame_ancestors(false)
+ end
+
 def show
 redirect_to @media_attachment.file.url(:original)
 end
 def player
 @body_classes = 'player'
+ response.headers['X-Frame-Options'] = 'ALLOWALL'
 raise ActiveRecord::RecordNotFound unless @media_attachment.video? || @media_attachment.gifv?
 end
|
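Review bot: `response.headers['X-Frame-Options'] = 'ALLOWALL'` in `player` uses a value the header does not define (only `DENY` and `SAMEORIGIN` are current), so it permits framing only because browsers ignore values they do not recognise; removing the header states the intent directly: `response.headers.delete('X-Frame-Options')`. Together with `p.frame_ancestors(false)` this lifts both framing restrictions for the player page, which is presumably intended for third-party embeds but is not stated in the hunk; a comment above the `content_security_policy` block such as `# The player is meant to be embedded on other sites, so framing restrictions are lifted for this action only` would keep a later edit from widening the `only: :player` scope. Since any origin can then frame this page, the player view should stay free of authenticated, state-changing controls; the view is not visible here, so that needs checking. The class body starts and ends outside the hunk.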