diff options
| author | pluralcafe-docker <git@plural.cafe> | 2018-12-27 21:35:47 +0000 |
|---|---|---|
| committer | pluralcafe-docker <git@plural.cafe> | 2018-12-27 21:35:47 +0000 |
| commit | 797a8429a0deb511e6d6092edad39f856231534e (patch) | |
| tree | 6e44d3c2a5a662dfc4e4087fdc391b8e7bb41dba /app/controllers/media_controller.rb | |
| parent | 94894b8a6ad1247306497dc8c0c47d52a8a2f72c (diff) | |
| parent | f349fe2159fb36e598263f2797f041417ef7c2da (diff) | |
Merge branch 'glitch'
Diffstat (limited to 'app/controllers/media_controller.rb')
| -rw-r--r-- | app/controllers/media_controller.rb | 5 |
1 files changed, 5 insertions, 0 deletions
diff --git a/app/controllers/media_controller.rb b/app/controllers/media_controller.rb index 88c7232dd..8e1624ce1 100644 --- a/app/controllers/media_controller.rb +++ b/app/controllers/media_controller.rb @@ -6,12 +6,17 @@ class MediaController < ApplicationController before_action :set_media_attachment before_action :verify_permitted_status! + content_security_policy only: :player do |p| + p.frame_ancestors(false) + end + def show redirect_to @media_attachment.file.url(:original) end def player @body_classes = 'player' + response.headers['X-Frame-Options'] = 'ALLOWALL' raise ActiveRecord::RecordNotFound unless @media_attachment.video? || @media_attachment.gifv? end |