fix iframe url in csp #1211

Merged
merged 4 commits into from
Aug 21, 2023
3 changes: 2 additions & 1 deletion app/models/communication/website/with_security.rb
Expand Up @@ -32,7 +32,8 @@ def external_domains_from_blocks_video
list = []
blocks.where(template_kind: :video).each do |block|
video_url = block.template.url
list << URI.parse(video_url).host if url.present?
next unless video_url.present?
list << Video::Provider.find(video_url).csp_domain
end
list
end
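
Review bot: `list << Video::Provider.find(video_url).csp_domain` appends whatever `csp_domain` returns, and `URI.parse(iframe_url).host` is nil for a URL saved without a scheme, so a nil entry can end up in the list this method returns for the CSP. Either skip nil values here or finish with `list.compact.uniq`; the `uniq` also avoids repeating one host when several video blocks use the same provider. This assumes `Video::Provider.find` always returns a provider object for a non-blank URL, which the visible lines do not show.
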
10 changes: 7 additions & 3 deletions app/services/video/provider/default.rb
@@ -1,6 +1,6 @@
class Video::Provider::Default
DOMAINS = []

attr_reader :video_url

include ActionView::Helpers::TagHelper
Expand All @@ -17,6 +17,10 @@ def iframe_url
video_url
end

def csp_domain
URI.parse(iframe_url).host
end

def iframe_tag(**iframe_options)
content_tag(:iframe, nil, default_iframe_options.merge(iframe_options))
end
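
Review bot: `csp_domain` calls `URI.parse(iframe_url)` with no rescue, so a single video block holding a URL that `URI.parse` rejects raises `URI::InvalidURIError` inside `external_domains_from_blocks_video`, which walks every video block of the website. Suggest rescuing `URI::InvalidURIError` in `csp_domain` and returning nil, with the caller dropping nil entries. A one-line comment that the value is the host of the iframe source, not of the URL the editor pasted, would also help, since the tests show the two differ (`vimeo.com` versus `player.vimeo.com`).
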
Expand All @@ -36,8 +40,8 @@ def default_iframe_options
protected

def url_in_domains?
self.class::DOMAINS.any? do |domain|
video_url.include?(domain)
self.class::DOMAINS.any? do |domain|
video_url.include?(domain)
end
end
end
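
Review bot: in `url_in_domains?`, `video_url.include?(domain)` is a substring test on the whole URL, so it is also true when the domain string appears in the path or query string or inside a longer host name. If provider selection relies on this predicate, the provider picked that way then decides which `csp_domain` is added to the policy. Since these lines are being touched anyway, compare against the parsed host instead: the host equals the domain, or ends with a dot followed by the domain.
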
7 changes: 7 additions & 0 deletions test/services/video/provider_test.rb
Expand Up @@ -10,26 +10,33 @@ def test_provider_empty
def test_vimeo
provider = Video::Provider.find('https://vimeo.com/248482251')
assert_equal Video::Provider::Vimeo, provider.class
assert_equal "player.vimeo.com", provider.csp_domain
end

def test_youtube
provider = Video::Provider.find('https://www.youtube.com/watch?v=sN8Cq5HEBug')
assert_equal Video::Provider::Youtube, provider.class
assert_equal "www.youtube.com", provider.csp_domain
provider = Video::Provider.find('https://youtu.be/sN8Cq5HEBug')
assert_equal Video::Provider::Youtube, provider.class
assert_equal "www.youtube.com", provider.csp_domain
end

def test_dailymotion
provider = Video::Provider.find('https://www.dailymotion.com/video/x35l6b8')
assert_equal Video::Provider::Dailymotion, provider.class
assert_equal "www.dailymotion.com", provider.csp_domain
provider = Video::Provider.find('https://dai.ly/x35l6b8')
assert_equal Video::Provider::Dailymotion, provider.class
assert_equal "www.dailymotion.com", provider.csp_domain
end

def test_peertube
provider = Video::Provider.find('https://peertube.fr/w/1i848Qvi7Q3ytW2uPY8AxG')
assert_equal Video::Provider::Peertube, provider.class
assert_equal "peertube.fr", provider.csp_domain
provider = Video::Provider.find('https://peertube.my.noesya.coop/w/qBMwAAULLA9oadFgbtdyq8')
assert_equal Video::Provider::Peertube, provider.class
assert_equal "peertube.my.noesya.coop", provider.csp_domain
end
end
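
Review bot: the new `csp_domain` assertions cover only well-formed URLs of the four named providers; nothing exercises `Video::Provider::Default#csp_domain`, where `iframe_url` is the raw `video_url`, or the inputs for which `URI.parse(...).host` is nil or raises. Add cases for an unknown host, a URL without a scheme and a malformed URL (in `test_provider_empty` or a new test), plus one test for `external_domains_from_blocks_video` so the `next unless video_url.present?` branch is covered.
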