feat: embed base64 thumbnails in video objects
Embedded video thumbnails as base64 data URIs to enhance performance and ensure portability. Updated CSP to allow 'data:' sources for images, preventing CSP violations when rendering base64 images. Addresses issues with missing thumbnails and enhances security settings.
This commit is contained in:
parent
d1896f49d4
commit
ac44c0e6cc
GPG key ID:
ECBCC9082395383F
2 changed files with 22 additions and 3 deletions
|
|
@ -222,6 +222,25 @@ class FrontController extends BaseController
|
||||||
}
|
}
|
||||||
}
|
}
|
||||||
|
|
||||||
|
/* Fetch the thumbnail, if it exists, and add a data URI to the video object */
|
||||||
|
if (isset($this->video->thumbnail) && $this->video->thumbnail !== '') {
|
||||||
|
/* Fetch the thumbnail */
|
||||||
|
$thumbnailData = file_get_contents($this->video->thumbnail);
|
||||||
|
$thumbnailData = base64_encode($thumbnailData);
|
||||||
|
/* Guess the mime type */
|
||||||
|
$thumbnailMime = 'image/jpeg';
|
||||||
|
|
||||||
|
if (strpos($this->video->thumbnail, '.png') !== false) {
|
||||||
|
$thumbnailMime = 'image/png';
|
||||||
|
} elseif (strpos($this->video->thumbnail, '.gif') !== false) {
|
||||||
|
$thumbnailMime = 'image/gif';
|
||||||
|
} elseif (strpos($this->video->thumbnail, '.webp') !== false) {
|
||||||
|
$thumbnailMime = 'image/webp';
|
||||||
|
}
|
||||||
|
|
||||||
|
$this->video->thumbnail = 'data:' . $thumbnailMime . ';base64,' . $thumbnailData;
|
||||||
|
}
|
||||||
|
|
||||||
$this->view->render(
|
$this->view->render(
|
||||||
$response,
|
$response,
|
||||||
$template,
|
$template,
|
||||||
|
|
|
||||||
|
|
@ -44,13 +44,13 @@ class CspMiddleware
|
||||||
->addDirective('base-uri', [])
|
->addDirective('base-uri', [])
|
||||||
->addDirective('frame-ancestors', [])
|
->addDirective('frame-ancestors', [])
|
||||||
->addSource('form-action', '*')
|
->addSource('form-action', '*')
|
||||||
->addSource('img-src', '*');
|
->addSource('img-src', '*')
|
||||||
|
->addSource('img-src', 'data:');
|
||||||
|
|
||||||
if ($this->config->debug) {
|
if ($this->config->debug) {
|
||||||
// So maximebf/debugbar, symfony/debug and symfony/error-handler can work.
|
// So maximebf/debugbar, symfony/debug and symfony/error-handler can work.
|
||||||
$csp->setDirective('script-src', ['self' => true, 'unsafe-inline' => true])
|
$csp->setDirective('script-src', ['self' => true, 'unsafe-inline' => true])
|
||||||
->setDirective('style-src', ['self' => true, 'unsafe-inline' => true])
|
->setDirective('style-src', ['self' => true, 'unsafe-inline' => true]);
|
||||||
->addSource('img-src', 'data:');
|
|
||||||
}
|
}
|
||||||
|
|
||||||
return $csp->injectCSPHeader($response);
|
return $csp->injectCSPHeader($response);
|
||||||
|
|
|
||||||
Loading…
Reference in a new issue