about summary refs log tree commit diff
path: root/app/controllers/media_controller.rb
diff options
context:
space:
mode:
authorThibG <thib@sitedethib.com>2019-06-25 22:43:33 +0200
committerGitHub <noreply@github.com>2019-06-25 22:43:33 +0200
commited10ae2693e83ac7fbac7273b2cf2ca424aca0c4 (patch)
treea9bc878edcd521969d50fcc54fcc30f7b2ca54b5 /app/controllers/media_controller.rb
parent38d28824475056766c97385b66f4e04a5123e3a2 (diff)
parent81bf43cfdd0d31ee4564a1399ce7fbe07eb04bb3 (diff)
Merge pull request #1138 from ThibG/glitch-soc/merge-upstream
Merge upstream changes
Diffstat (limited to 'app/controllers/media_controller.rb')
-rw-r--r--app/controllers/media_controller.rb12
1 files changed, 10 insertions, 2 deletions
diff --git a/app/controllers/media_controller.rb b/app/controllers/media_controller.rb
index a245db2d1..d44b52d26 100644
--- a/app/controllers/media_controller.rb
+++ b/app/controllers/media_controller.rb
@@ -7,6 +7,8 @@ class MediaController < ApplicationController
 
   before_action :set_media_attachment
   before_action :verify_permitted_status!
+  before_action :check_playable, only: :player
+  before_action :allow_iframing, only: :player
 
   content_security_policy only: :player do |p|
     p.frame_ancestors(false)
@@ -18,8 +20,6 @@ class MediaController < ApplicationController
 
   def player
     @body_classes = 'player'
-    response.headers['X-Frame-Options'] = 'ALLOWALL'
-    raise ActiveRecord::RecordNotFound unless @media_attachment.video? || @media_attachment.gifv?
   end
 
   private
@@ -34,4 +34,12 @@ class MediaController < ApplicationController
     # Reraise in order to get a 404 instead of a 403 error code
     raise ActiveRecord::RecordNotFound
   end
+
+  def check_playable
+    not_found unless @media_attachment.larger_media_format?
+  end
+
+  def allow_iframing
+    response.headers['X-Frame-Options'] = 'ALLOWALL'
+  end
 end