diff options
| author | Vika <vika@fireburn.ru> | 2025-04-06 23:05:24 +0300 |
|---|---|---|
| committer | Vika <vika@fireburn.ru> | 2025-04-09 23:31:57 +0300 |
| commit | 72e9879394d3f82de9b5f4911295b81ee92f260b (patch) | |
| tree | b3162515c59aa705dbc0ae0176f2bff58efc8aaa /src/lib.rs | |
| parent | 40694873befb6159448c7e48bb02cc8c4f2e030b (diff) | |
| download | kittybox-72e9879394d3f82de9b5f4911295b81ee92f260b.tar.zst | |
Allow embedding the Bandcamp player for jam posts
Bandcamp embeds use iframes. I should probably collect more info on popular embeds and potentially allowlist them here. Change-Id: I7e0b4dae2ac052f6a48ad629c658b2bf851151ff
Diffstat (limited to 'src/lib.rs')
| -rw-r--r-- | src/lib.rs | 4 |
1 files changed, 4 insertions, 0 deletions
diff --git a/src/lib.rs b/src/lib.rs index e2fac56..4aeaca5 100644 --- a/src/lib.rs +++ b/src/lib.rs @@ -320,6 +320,10 @@ St: Clone + Send + Sync + 'static "style-src 'self';", // Only use styles we serve. "base-uri 'none';", // Do not allow to change the base URI. "object-src 'none';", // Do not allow to embed objects (Flash/ActiveX). + + // Allow embedding the Bandcamp player for jam posts. + // TODO: perhaps make this policy customizable?… + "frame-src 'self' https://bandcamp.com/EmbeddedPlayer/;" ) ) )) |