coop-cloud/funkwhale
1
0
Fork 1
Code Issues 3 Pull Requests 2 Projects Releases Wiki Activity

Embedded player not working because of restrictive Content Security Policy #5

New Issue
Closed
opened 2024-11-13 15:29:44 +00:00 by Numerica · 1 comment
Numerica commented 2024-11-13 15:29:44 +00:00
Copy Link

We're trying to embed a player into another site, but current nginx configuration disallows it.
Besides, it is currently hardcoded therefore it cannot be configured.

The actual content-security-policy is here

nginx.conf.tmpl Line 24 in b1aacaea7d
add_header Content-Security-Policy "default-src 'self'; script-src 'self'; style-src 'self' 'unsafe-inline'; img-src 'self' data:; font-src 'self' data:; object-src 'none'; media-src 'self' data:; worker-src 'self'";

We think a possible solution would be to introduce an environment variable there.

Otherwise, we'd happily implement any workaround meanwhile

Thanks

We're trying to embed a player into another site, but current nginx configuration disallows it. Besides, it is currently hardcoded therefore it cannot be configured. The actual content-security-policy is here https://git.coopcloud.tech/coop-cloud/funkwhale/src/commit/b1aacaea7de7085ba7b027a774683d22299de478/nginx.conf.tmpl#L24 We think a possible solution would be to introduce an environment variable there. Otherwise, we'd happily implement any workaround meanwhile Thanks
embed.png
174 KiB
embed.png
Numerica commented 2024-11-15 22:50:12 +00:00
Author
Copy Link

apparently this was all about allowig unauthenticated api requests

closing for now as i'm not reproducing the error above

apparently this was all about allowig unauthenticated api requests closing for now as i'm not reproducing the error above
apireq.png
87 KiB
apireq.png
Sign in to join this conversation.
No Branch/Tag Specified
Branches Tags
Labels
No items
No Label
Milestone
No items
No Milestone
Projects
Clear projects
No project
Assignees
Clear assignees
3wordchant aadil abra-bot ammaratef45 Apfelwurm appletalk arjan basebuilder Brooke carla cas codegod100 coopcloud cyrnel decentral1se fauno flancian Frando iexos jade javielico jmakdah2 joe-irving kawaiipunk knoflook kolaente lambdabundesverband linnealovespie marlon mayel mirsal moritz nicksellen notplants p4u1 pau pharaohgraphy renovate-bot ripclap rix rscmbbng sef simon sixsmith stevensting tobias trav val virtualboys wolcen wykwit xynosis yksflip
No Assignees
1 Participants
Notifications
Due Date
No due date set.
Dependencies

No dependencies set.

Reference: coop-cloud/funkwhale#5
No description provided.
Delete Branch "%!s()"

Deleting a branch is permanent. Although the deleted branch may continue to exist for a short time before it actually gets removed, it CANNOT be undone in most cases. Continue?