Merge b6ad47e75b7859dfe21b20cd464dabcd935f4035 into 5cfe294063c9317928d8da3387004e3eaddc991a

2025-10-22 00:38:30 -05:00 · 2025-10-21 13:52:39 +05:30 · 2025-10-21 13:52:39 +05:30 · 1d08e85e03
commit 1d08e85e03
parent 5cfe294063 b6ad47e75b
3 changed files with 15 additions and 24 deletions
--- a/src/invidious/routes/before_all.cr
+++ b/src/invidious/routes/before_all.cr
@ -1,4 +1,17 @@
 module Invidious::Routes::BeforeAll
+  struct CompanionCSP
+    property companion_urls : String = ""
+
+    def initialize
+      self.companion_urls = CONFIG.invidious_companion.reject(&.builtin_proxy).map do |companion|
+        uri =
+          "#{companion.public_url.scheme}://#{companion.public_url.host}#{companion.public_url.port ? ":#{companion.public_url.port}" : ""}"
+      end.join(" ")
+    end
+  end
+
+  private COMPANION_CSP = CompanionCSP.new
+
  def self.handle(env)
    preferences = Preferences.from_json("{}")

@ -35,9 +48,9 @@ module Invidious::Routes::BeforeAll
      "style-src 'self' 'unsafe-inline'",
      "img-src 'self' data:",
      "font-src 'self' data:",
-      "connect-src 'self'",
+      "connect-src 'self' " + COMPANION_CSP.companion_urls,
      "manifest-src 'self'",
-      "media-src 'self' blob:",
+      "media-src 'self' blob: " + COMPANION_CSP.companion_urls,
      "child-src 'self' blob:",
      "frame-src 'self'",
      "frame-ancestors " + frame_ancestors,
--- a/src/invidious/routes/embed.cr
+++ b/src/invidious/routes/embed.cr
@ -209,17 +209,6 @@ module Invidious::Routes::Embed

    if CONFIG.invidious_companion.present?
      invidious_companion = CONFIG.invidious_companion.sample
-      invidious_companion_urls = CONFIG.invidious_companion.reject(&.builtin_proxy).map do |companion|
-        uri =
-          "#{companion.public_url.scheme}://#{companion.public_url.host}#{companion.public_url.port ? ":#{companion.public_url.port}" : ""}"
-      end.join(" ")
-
-      if !invidious_companion_urls.empty?
-        env.response.headers["Content-Security-Policy"] =
-          env.response.headers["Content-Security-Policy"]
-            .gsub("media-src", "media-src #{invidious_companion_urls}")
-            .gsub("connect-src", "connect-src #{invidious_companion_urls}")
-      end
    end

    rendered "embed"
--- a/src/invidious/routes/watch.cr
+++ b/src/invidious/routes/watch.cr
@ -194,17 +194,6 @@ module Invidious::Routes::Watch

    if CONFIG.invidious_companion.present?
      invidious_companion = CONFIG.invidious_companion.sample
-      invidious_companion_urls = CONFIG.invidious_companion.reject(&.builtin_proxy).map do |companion|
-        uri =
-          "#{companion.public_url.scheme}://#{companion.public_url.host}#{companion.public_url.port ? ":#{companion.public_url.port}" : ""}"
-      end.join(" ")
-
-      if !invidious_companion_urls.empty?
-        env.response.headers["Content-Security-Policy"] =
-          env.response.headers["Content-Security-Policy"]
-            .gsub("media-src", "media-src #{invidious_companion_urls}")
-            .gsub("connect-src", "connect-src #{invidious_companion_urls}")
-      end
    end

    templated "watch"