about summary refs log tree commit diff
path: root/app/controllers/media_controller.rb
diff options
context:
space:
mode:
Diffstat (limited to 'app/controllers/media_controller.rb')
-rw-r--r--app/controllers/media_controller.rb12
1 files changed, 10 insertions, 2 deletions
diff --git a/app/controllers/media_controller.rb b/app/controllers/media_controller.rb
index 352a04c54..05cf09c28 100644
--- a/app/controllers/media_controller.rb
+++ b/app/controllers/media_controller.rb
@@ -9,6 +9,8 @@ class MediaController < ApplicationController
   before_action :authenticate_user!, if: :whitelist_mode?
   before_action :set_media_attachment
   before_action :verify_permitted_status!
+  before_action :check_playable, only: :player
+  before_action :allow_iframing, only: :player
 
   content_security_policy only: :player do |p|
     p.frame_ancestors(false)
@@ -20,8 +22,6 @@ class MediaController < ApplicationController
 
   def player
     @body_classes = 'player'
-    response.headers['X-Frame-Options'] = 'ALLOWALL'
-    raise ActiveRecord::RecordNotFound unless @media_attachment.video? || @media_attachment.gifv?
   end
 
   private
@@ -35,4 +35,12 @@ class MediaController < ApplicationController
   rescue Mastodon::NotPermittedError
     raise ActiveRecord::RecordNotFound
   end
+
+  def check_playable
+    not_found unless @media_attachment.larger_media_format?
+  end
+
+  def allow_iframing
+    response.headers['X-Frame-Options'] = 'ALLOWALL'
+  end
 end
generated by cgit-pink (git 2.37.1) at 2024-07-01 16:28:09 +0000