author | ThibG <thib@sitedethib.com> | 2019-06-25 22:43:33 +0200 |
---|---|---|
committer | GitHub <noreply@github.com> | 2019-06-25 22:43:33 +0200 |
commit | ed10ae2693e83ac7fbac7273b2cf2ca424aca0c4 (patch) | |
tree | a9bc878edcd521969d50fcc54fcc30f7b2ca54b5 /app/controllers/media_controller.rb | |
parent | 38d28824475056766c97385b66f4e04a5123e3a2 (diff) | |
parent | 81bf43cfdd0d31ee4564a1399ce7fbe07eb04bb3 (diff) |
Merge pull request #1138 from ThibG/glitch-soc/merge-upstream
Merge upstream changes
Diffstat (limited to 'app/controllers/media_controller.rb')
-rw-r--r-- | app/controllers/media_controller.rb | 12 |
1 files changed, 10 insertions, 2 deletions
diff --git a/app/controllers/media_controller.rb b/app/controllers/media_controller.rb
index a245db2d1..d44b52d26 100644
--- a/app/controllers/media_controller.rb
+++ b/app/controllers/media_controller.rb
@@ -7,6 +7,8 @@ class MediaController < ApplicationController
 before_action :set_media_attachment
 before_action :verify_permitted_status!
+ before_action :check_playable, only: :player
+ before_action :allow_iframing, only: :player
 content_security_policy only: :player do |p|
 p.frame_ancestors(false)
@@ -18,8 +20,6 @@ class MediaController < ApplicationController
 def player
 @body_classes = 'player'
- response.headers['X-Frame-Options'] = 'ALLOWALL'
- raise ActiveRecord::RecordNotFound unless @media_attachment.video? || @media_attachment.gifv?
 end
 private
@@ -34,4 +34,12 @@ class MediaController < ApplicationController
 # Reraise in order to get a 404 instead of a 403 error code
 raise ActiveRecord::RecordNotFound
 end
+
+ def check_playable
+ not_found unless @media_attachment.larger_media_format?
+ end
+
+ def allow_iframing
+ response.headers['X-Frame-Options'] = 'ALLOWALL'
+ end
 end
|
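Review bot: The two new `before_action` lines make `player` frameable by any origin, but nothing at the registration site says this is deliberate. Together with the `p.frame_ancestors(false)` context line, which appears to leave the CSP without a frame-ancestors restriction, the action has no clickjacking protection at all. A comment above the callbacks would record the constraint, for example `# player is embedded on third-party sites: framing is open on purpose, so keep this action free of session-dependent controls`. The callback order is sound, since `check_playable` runs only after `verify_permitted_status!`. The class body continues outside the hunk.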
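Review bot: `ALLOWALL` in `allow_iframing` is not a value X-Frame-Options defines (only DENY, SAMEORIGIN and the obsolete ALLOW-FROM), so framing is allowed here only because browsers ignore values they do not recognise. The line was moved unchanged from `player`, but now that it has its own method the intent is clearer if the header is dropped instead: `response.headers.delete('X-Frame-Options')`. `check_playable` relies on `not_found` and `larger_media_format?`, both defined outside this diff. It is worth confirming that `not_found` still produces the 404 the removed `raise ActiveRecord::RecordNotFound` gave, and that the new predicate does not expose more attachment types through the frameable player than intended.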