This repository has been archived by the owner on Dec 11, 2019. It is now read-only.

Fixed torrent viewer CSP rule blocks <iframe> content #7243

Closed
feross opened this issue Feb 14, 2017 · 8 comments · Fixed by #7366

Comments

@feross
Contributor

feross commented Feb 14, 2017

Test Plan:

  1. Load the WIRED CD torrent from https://codepen.io/ferossity/full/qaezaB/
  2. Start the torrent
  3. Click on a non-media file like poster.jpg or README.md to view it in Brave.
  4. It should load and display correctly.

Original issue description

  • Did you search for similar issues before submitting this one? Yes

  • Describe the issue you encountered:

Sometimes torrent content is rendered in an <iframe> instead of a <video> or <audio> tag. It's unclear why. When this occurs, CSP prevents the iframe from loading content from the webtorrent server at http://localhost:port

  • Platform (Win7, 8, 10? macOS? Linux distro?): macOS Sierra

  • Brave Version (revision SHA): master @ 6cf4f1b

  • Steps to reproduce:

    1. Happens to one of the torrents here, can't remember which off the top of my head https://codepen.io/ferossity/full/qaezaB/
    2. Start the torrent
    3. Click on a file in the torrent to view it in Brave
  • Actual result: File content fails to load

  • Expected result: File content should load

  • Will the steps above reproduce in a fresh profile? If not what other info can be added? Yes

  • Is this an issue in the currently released version? Yes

  • Can this issue be consistently reproduced? Yes

@feross
Contributor Author

feross commented Feb 14, 2017

I can tackle this issue.

@feross feross self-assigned this Feb 23, 2017
@feross
Contributor Author

feross commented Feb 23, 2017

> Sometimes torrent content is rendered in an <iframe> instead of a <video> or <audio> tag. It's unclear why.

Torrent content is rendered into <iframe> when it's not video or audio content. For example, a .jpg or a .pdf file. This is because we're using a viewer page that includes the content; we're not returning the content directly.

This is because the torrent may not be active and in that case, we show the "Start Download?" page.

> When this occurs, CSP prevents the iframe from loading content from the webtorrent server at http://localhost:port

This is because we only make a CSP exception for media elements, not iframe elements. This is an easy fix.
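
The behaviour described in the comment above, as an added example (not code from Brave or from the original comment): a simplified CSP resolver showing why a policy with only a media exception lets a `<video>` load from the localhost server while an `<iframe>` falls back to `default-src` and is blocked. The policy strings, viewer origin and port are constructed assumptions.

```javascript
// Constructed policies for illustration; these are NOT Brave's actual CSP strings.
const VIEWER_ORIGIN = 'https://viewer.example';   // hypothetical viewer page origin
const SAMPLE_URL = 'http://localhost:52321/0';    // hypothetical webtorrent server URL
const BEFORE = "default-src 'self'; media-src 'self' http://localhost:*";
const AFTER = BEFORE + "; frame-src 'self' http://localhost:*";

// CSP3 fallback chains: the first directive present in the policy governs the load.
const FALLBACK = {
  media: ['media-src', 'default-src'],
  frame: ['frame-src', 'child-src', 'default-src'],
};

function parsePolicy(policy) {
  const directives = new Map();
  for (const part of policy.split(';')) {
    const [name, ...sources] = part.trim().split(/\s+/);
    // A repeated directive is ignored; the first occurrence wins.
    if (name && !directives.has(name.toLowerCase())) {
      directives.set(name.toLowerCase(), sources);
    }
  }
  return directives;
}

// Simplified source matching: 'none', 'self', and scheme://host[:port|:*] only.
function sourceMatches(source, target, selfOrigin) {
  if (source === "'none'") return false;
  if (source === "'self'") return target.origin === selfOrigin;
  const m = /^(https?):\/\/([^:/]+)(?::(\*|\d+))?$/.exec(source);
  if (!m) return false;
  const [, scheme, host, port] = m;
  if (target.protocol !== scheme + ':' || target.hostname !== host) return false;
  const defaultPort = scheme === 'https' ? '443' : '80';
  return port === '*' || (target.port || defaultPort) === (port || defaultPort);
}

// Returns which directive governed the load and whether it was allowed.
function checkLoad(policy, kind, url, selfOrigin) {
  const directives = parsePolicy(policy);
  const directive = FALLBACK[kind].find((d) => directives.has(d));
  if (!directive) return { directive: null, allowed: true };
  const target = new URL(url);
  const allowed = directives.get(directive)
    .some((s) => sourceMatches(s, target, selfOrigin));
  return { directive, allowed };
}
```

Calling `checkLoad(BEFORE, 'frame', SAMPLE_URL, VIEWER_ORIGIN)` reports `default-src` as the governing directive, which is the signal to look for when a frame is blocked despite a media exception being present.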

feross added a commit that referenced this issue Feb 23, 2017
Torrent content is rendered into <iframe> when it's not video or audio
content. For example, a .jpg or a .pdf file. This is because we're
using a viewer page that includes the content; we're not returning the
content directly.

This is because the torrent may not be active and in that case, we show
the "Start Download?" page.

When this occurs, CSP prevents the iframe from loading content from the
webtorrent server at http://localhost:port

This is because we only make a CSP exception for media elements, not
iframe elements. This is an easy fix.

Fixes: #7243
@feross feross added this to the 0.13.5 milestone Feb 23, 2017
@bbondy bbondy modified the milestones: 0.13.5, 0.13.6 Feb 28, 2017
@alexwykoff alexwykoff mentioned this issue Mar 14, 2017
44 tasks
@bsclifton
Member

Moving to 0.14.1

@bsclifton bsclifton modified the milestones: 0.14.1, 0.14.0 Mar 15, 2017
@luixxiul
Contributor

Moving back to 0.14.0?

@feross
Contributor Author

feross commented Mar 17, 2017

Oh, sorry if I merged too soon.

@luixxiul
Contributor

By following the test plan I get this error.

[Image: clipboard01]

@luixxiul luixxiul added the needs-investigation label Mar 17, 2017
@srirambv
Collaborator

When the torrent is opened within the page, the file is not shown, but opening the magnet link in a new tab shows the file. Is this expected?
[Image: 7243]

No errors in console, on Windows 10 x64, like @luixxiul mentioned

@feross
Contributor Author

feross commented Mar 17, 2017

@srirambv @luixxiul All this behavior is expected.

CodePen switched to https and that prevents us framing the magnet: link viewer, since magnet links are considered insecure content. Insecure content can't be framed in a secure context; that's "mixed content" and is prevented by the browser.

I'll add target='_blank' to all the links in the CodePen to make it easier to open links in a new tab, without the framing that CodePen is doing.

The console error spew is normal and harmless. Working as expected, though I'm working on preventing the spew in this PR: #7351

@luixxiul luixxiul removed the needs-investigation label Mar 18, 2017
@alexwykoff alexwykoff changed the title Torrent Viewer CSP rule blocks <iframe> content Fixed torrent viewer CSP rule blocks <iframe> content Mar 28, 2017