Handle Peertube Embeds (#1223)

* Handle peertube embeds * Permit full screen for Rumble and PeerTube * Use sandbox='allow-scripts' for iframes * Restore frame-src domains * Use endsWith --------- Co-authored-by: ekzyis <ek@stacker.news>
2024-06-20 17:28:25 +01:00 · 2024-06-20 17:28:25 +01:00 · 4fe920d12b
parent 78520b787b
commit 4fe920d12b
4 changed files with 45 additions and 3 deletions
--- a/components/item-full.js
+++ b/components/item-full.js
@ -106,8 +106,24 @@ function ItemEmbed ({ item }) {
        <div className={styles.videoContainer}>
          <iframe
            title='Rumble Video'
-            allowFullScreen=''
+            allowFullScreen
            src={meta?.href}
+            sandbox='allow-scripts'
+          />
+        </div>
+      </div>
+    )
+  }
+
+  if (provider === 'peertube') {
+    return (
+      <div className={styles.videoWrapper}>
+        <div className={styles.videoContainer}>
+          <iframe
+            title='PeerTube Video'
+            allowFullScreen
+            src={meta?.href}
+            sandbox='allow-scripts'
          />
        </div>
      </div>
--- a/components/text.js
+++ b/components/text.js
@ -281,8 +281,24 @@ export default memo(function Text ({ rel, imgproxyUrls, children, tab, itemId, o
                  <div className={styles.videoContainer}>
                    <iframe
                      title='Rumble Video'
-                      allowFullScreen=''
+                      allowFullScreen
                      src={meta?.href}
+                      sandbox='allow-scripts'
+                    />
+                  </div>
+                </div>
+              )
+            }
+
+            if (provider === 'peertube') {
+              return (
+                <div style={videoWrapperStyles}>
+                  <div className={styles.videoContainer}>
+                    <iframe
+                      title='PeerTube Video'
+                      allowFullScreen
+                      src={meta?.href}
+                      sandbox='allow-scripts'
                    />
                  </div>
                </div>
--- a/lib/url.js
+++ b/lib/url.js
@ -120,6 +120,16 @@ export function parseEmbedUrl (href) {
        }
      }
    }
+
+    if (hostname.endsWith('peertube.tv') || hostname.endsWith('bitcointv.com')) {
+      return {
+        provider: 'peertube',
+        id: null,
+        meta: {
+          href: href.replace('/w/', '/videos/embed/')
+        }
+      }
+    }
  } catch {
    // ignore
  }
--- a/middleware.js
+++ b/middleware.js
@ -42,7 +42,7 @@ export function middleware (request) {
    // unsafe-inline for styles is not ideal but okay if script-src is using nonces
    "style-src 'self' a.stacker.news 'unsafe-inline'",
    "manifest-src 'self'",
-    'frame-src www.youtube.com platform.twitter.com rumble.com',
+    'frame-src www.youtube.com platform.twitter.com rumble.com bitcointv.com peertube.tv',
    "connect-src 'self' https: wss:" + devSrc,
    // disable dangerous plugins like Flash
    "object-src 'none'",