refactor CSP and fix non proxied videoplayback due to CSP

Probably fixes #65

src/invidious.cr

@@ -88,7 +88,6 @@ REDDIT_URL      = URI.parse("https://www.reddit.com")
 YT_URL          = URI.parse("https://www.youtube.com")
 PUBSUB_HOST_URL = CONFIG.pubsub_domain
 HOST_URL        = make_host_url(Kemal.config)
-EXT_VIDEOP_LIST = gen_videoplayback_proxy_list()
 
 CHARS_SAFE         = "ABCDEFGHIJKLMNOPQRSTUVWXYZabcdefghijklmnopqrstuvwxyz0123456789-_"
 TEST_IDS           = {"AgbeGFYluEA", "BaW_jenozKc", "a9LDPn-MO4I", "ddFvjfvPnqk", "iqKdEhx-dD4"}

src/invidious/config.cr

@@ -209,7 +209,7 @@ class Config
 
   # External videoplayback proxies list. They should include `https://`
   # at the start of the URI
-  property external_videoplayback_proxy : Array(NamedTuple(url: String, balance: Bool)) = [] of NamedTuple(url: String, balance: Bool)
+  property external_videoplayback_proxy : Array(String) = [] of String
 
   property pubsub_domain : String = ""
 

src/invidious/helpers/utils.cr

@@ -390,7 +390,7 @@ def gen_videoplayback_proxy_list
   if !CONFIG.external_videoplayback_proxy.empty?
     external_videoplayback_proxy = ""
     CONFIG.external_videoplayback_proxy.each do |proxy|
-      external_videoplayback_proxy += " #{proxy[:url]}"
+      external_videoplayback_proxy += " #{proxy}"
     end
   else
     external_videoplayback_proxy = ""

src/invidious/http_server/utils.cr

@@ -9,14 +9,14 @@ module Invidious::HttpServer
     def check_external_proxy
       CONFIG.external_videoplayback_proxy.each do |proxy|
         begin
-          response = HTTP::Client.get("#{proxy[:url]}/health")
+          response = HTTP::Client.get("#{proxy}/health")
           if response.status_code == 200
-            @@proxy_alive = proxy[:url]
+            @@proxy_alive = proxy
-            LOGGER.debug("CheckExternalProxy: Proxy set to: '#{proxy[:url]}'")
+            LOGGER.debug("CheckExternalProxy: Proxy set to: '#{proxy}'")
             break
           end
         rescue
-          LOGGER.debug("CheckExternalProxy: Proxy '#{proxy[:url]}' is not available")
+          LOGGER.debug("CheckExternalProxy: Proxy '#{proxy}' is not available")
         end
       end
 	  if @@proxy_alive.empty?

src/invidious/routes/before_all.cr

@@ -20,12 +20,26 @@ module Invidious::Routes::BeforeAll
     env.response.headers["X-XSS-Protection"] = "1; mode=block"
     env.response.headers["X-Content-Type-Options"] = "nosniff"
 
+    extra_media_csp = ""
+    if CONFIG.invidious_companion.present?
+      extra_media_csp = " #{CONFIG.invidious_companion.sample.public_url}"
+    end
+
+    if !CONFIG.external_videoplayback_proxy.empty?
+      CONFIG.external_videoplayback_proxy.each do |proxy|
+        extra_media_csp += " #{proxy}"
+      end
+    end
+
     # Allow media resources to be loaded from google servers
     # TODO: check if *.youtube.com can be removed
     if CONFIG.disabled?("local") || !preferences.local
-      extra_media_csp = " https://*.googlevideo.com:443 https://*.youtube.com:443"
+      extra_media_csp += " https://*.googlevideo.com:443 https://*.youtube.com:443"
-    else
+    end
-      extra_media_csp = ""
+
+    extra_connect_csp = ""
+    if CONFIG.invidious_companion.present?
+      extra_connect_csp = " #{CONFIG.invidious_companion.sample.public_url}"
     end
 
     # Only allow the pages at /embed/* to be embedded
@@ -43,9 +57,9 @@ module Invidious::Routes::BeforeAll
       "style-src 'self' 'unsafe-inline'",
       "img-src 'self' data:",
       "font-src 'self' data:",
-      "connect-src 'self'" + CONFIG.invidious_companion.sample.public_url + EXT_VIDEOP_LIST,
+      "connect-src 'self'" + extra_connect_csp,
       "manifest-src 'self'",
-      "media-src 'self' blob:" + extra_media_csp + CONFIG.invidious_companion.sample.public_url + EXT_VIDEOP_LIST,
+      "media-src 'self' blob:" + extra_media_csp,
       "child-src 'self' blob:",
       "frame-src 'self'",
       "frame-ancestors " + frame_ancestors,