This repository has been archived by the owner on Dec 11, 2019. It is now read-only.
Torrent Viewer CSP rule blocks <iframe> content #7366
Merged
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Test Plan:
poster.jpg
orREADME.md
to view it in Brave.Description
Torrent content is rendered into <iframe> when it's not video or audio
content. For example, a .jpg or a .pdf file. This is because we're
using a viewer page that includes the content; we're not returning the
content directly.
This is because the torrent may not be active and in that case, we show
the "Start Download?" page.
When this occurs, CSP prevents the iframe from loading content from the
webtorrent server at http://localhost:port
This is because we only make a CSP exception for media elements, not
iframe elements. This is an easy fix.
Fixes: #7243
git rebase -i
to squash commits (if needed).Since this touches CSP, I'd appreciate if @diracdeltas could take a look 🔐 ✅