diff --git a/src/invidious/routes/before_all.cr b/src/invidious/routes/before_all.cr index f6a9bb00..0296651e 100644 --- a/src/invidious/routes/before_all.cr +++ b/src/invidious/routes/before_all.cr @@ -43,9 +43,9 @@ module Invidious::Routes::BeforeAll "style-src 'self' 'unsafe-inline'", "img-src 'self' data:", "font-src 'self' data:", - "connect-src 'self'" + EXT_VIDEOP_LIST, + "connect-src 'self'" + CONFIG.invidious_companion.sample.public_url + EXT_VIDEOP_LIST, "manifest-src 'self'", - "media-src 'self' blob:" + extra_media_csp + EXT_VIDEOP_LIST, + "media-src 'self' blob:" + extra_media_csp + CONFIG.invidious_companion.sample.public_url + EXT_VIDEOP_LIST, "child-src 'self' blob:", "frame-src 'self'", "frame-ancestors " + frame_ancestors, diff --git a/src/invidious/routes/embed.cr b/src/invidious/routes/embed.cr index 49aeade5..00f24159 100644 --- a/src/invidious/routes/embed.cr +++ b/src/invidious/routes/embed.cr @@ -203,13 +203,6 @@ module Invidious::Routes::Embed return env.redirect url end - if companion_base_url = video.invidious_companion.try &.["baseUrl"].as_s - env.response.headers["Content-Security-Policy"] = - env.response.headers["Content-Security-Policy"] - .gsub("media-src", "media-src #{companion_base_url}") - .gsub("connect-src", "connect-src #{companion_base_url}") - end - rendered "embed" end end diff --git a/src/invidious/routes/watch.cr b/src/invidious/routes/watch.cr index c9bb9f7e..f0b65e7d 100644 --- a/src/invidious/routes/watch.cr +++ b/src/invidious/routes/watch.cr @@ -217,13 +217,6 @@ module Invidious::Routes::Watch video_url = nil end - if companion_base_url = video.invidious_companion.try &.["baseUrl"].as_s - env.response.headers["Content-Security-Policy"] = - env.response.headers["Content-Security-Policy"] - .gsub("media-src", "media-src #{companion_base_url}") - .gsub("connect-src", "connect-src #{companion_base_url}") - end - templated "watch" end