fix CSP / X-Frame-Options for media embeds #9558

Merged
merged 1 commit into from Dec 18, 2018

@jomo
Contributor

jomo commented Dec 18, 2018

Currently media is prevented from being embedded on external sites (example). This seems to be an oversight from #8957.

content_security_policy only: :embed do |p|
  p.frame_ancestors(false)
end

The code is basically borrowed from statuses_controller.rb and now being added to media_controller.rb.
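As an added example (not part of the pull request or of Mastodon's code), the following Ruby check evaluates whether a response can be framed by a third-party origin, which is a way to confirm that only the embed view is frameable while other pages keep their protection. The header sets, response names and the `https://blog.example` origin are constructed, and the source matching is simplified as noted in the comments.

```ruby
# Added example (not Mastodon code): can a third-party origin frame this response?

# Source list of the frame-ancestors directive, or nil when the policy has none.
def frame_ancestors(csp)
  csp.to_s.split(';').each do |directive|
    name, *sources = directive.strip.split(/\s+/)
    return sources.map(&:downcase) if name&.downcase == 'frame-ancestors'
  end
  nil
end

# Simplified source matching: '*', scheme sources ("https:") and exact origins.
# Host wildcards and ports are not handled (assumption of this sketch).
def source_allows?(source, origin)
  return true if source == '*'
  return origin.start_with?("#{source}//") if source.end_with?(':')
  source == origin
end

def cross_origin_frameable?(headers, embedder_origin)
  h = headers.transform_keys(&:downcase)
  origin = embedder_origin.downcase
  sources = frame_ancestors(h['content-security-policy'])
  # When frame-ancestors is present it decides and X-Frame-Options is ignored.
  # An empty list behaves like 'none'; 'self' never matches a foreign origin.
  return sources.any? { |s| source_allows?(s, origin) } unless sources.nil?
  # Only DENY and SAMEORIGIN block a foreign embedder; other values are ignored.
  !%w[DENY SAMEORIGIN].include?(h['x-frame-options'].to_s.strip.upcase)
end

# Names of responses that are frameable although they are not meant to be embedded.
def unexpectedly_frameable(responses, embedder_origin)
  responses.reject { |r| r[:embeddable] }
           .select { |r| cross_origin_frameable?(r[:headers], embedder_origin) }
           .map { |r| r[:name] }
end

# Constructed header sets, not captured from a real instance.
RESPONSES = [
  { name: 'embed view', embeddable: true,
    headers: { 'Content-Security-Policy' => "default-src 'none'; img-src 'self'" } },
  { name: 'settings page', embeddable: false,
    headers: { 'X-Frame-Options' => 'DENY',
               'Content-Security-Policy' => "default-src 'none'; frame-ancestors 'none'" } },
  { name: 'page missing both protections', embeddable: false,
    headers: { 'Content-Security-Policy' => "default-src 'none'" } }
].freeze
```

An embed response that relaxes X-Frame-Options but still carries `frame-ancestors 'none'` evaluates as not frameable, which is why the directive has to be dropped for the embed action.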

@jomo jomo changed the title allow iframing media embed view from external sites fix CSP / X-Frame-Options for media embeds Dec 18, 2018

@jomo jomo force-pushed the jomo:fix-frame-options branch from 2cc61f8 to a32dc05 Dec 18, 2018

@jomo jomo force-pushed the jomo:fix-frame-options branch from a32dc05 to dc282d0 Dec 18, 2018

@Gargron Gargron merged commit 2c1a6f7 into tootsuite:master Dec 18, 2018

11 checks passed

ci/circleci: build Your tests passed on CircleCI!
ci/circleci: check-i18n Your tests passed on CircleCI!
ci/circleci: install Your tests passed on CircleCI!
ci/circleci: install-ruby2.3 Your tests passed on CircleCI!
ci/circleci: install-ruby2.4 Your tests passed on CircleCI!
ci/circleci: install-ruby2.5 Your tests passed on CircleCI!
ci/circleci: test-ruby2.3 Your tests passed on CircleCI!
ci/circleci: test-ruby2.4 Your tests passed on CircleCI!
ci/circleci: test-ruby2.5 Your tests passed on CircleCI!
ci/circleci: test-webui Your tests passed on CircleCI!
codeclimate All good!