feat: embed base64 thumbnails in video objects
Embedded video thumbnails as base64 data URIs to enhance performance and ensure portability. Updated CSP to allow 'data:' sources for images, preventing CSP violations when rendering base64 images. Addresses issues with missing thumbnails and enhances security settings.
This commit is contained in:
parent
d1896f49d4
commit
ac44c0e6cc
2 changed files with 22 additions and 3 deletions
|
@ -222,6 +222,25 @@ class FrontController extends BaseController
|
|||
}
|
||||
}
|
||||
|
||||
/* Fetch the thumbnail, if it exists, and add a data URI to the video object */
|
||||
if (isset($this->video->thumbnail) && $this->video->thumbnail !== '') {
|
||||
/* Fetch the thumbnail */
|
||||
$thumbnailData = file_get_contents($this->video->thumbnail);
|
||||
$thumbnailData = base64_encode($thumbnailData);
|
||||
/* Guess the mime type */
|
||||
$thumbnailMime = 'image/jpeg';
|
||||
|
||||
if (strpos($this->video->thumbnail, '.png') !== false) {
|
||||
$thumbnailMime = 'image/png';
|
||||
} elseif (strpos($this->video->thumbnail, '.gif') !== false) {
|
||||
$thumbnailMime = 'image/gif';
|
||||
} elseif (strpos($this->video->thumbnail, '.webp') !== false) {
|
||||
$thumbnailMime = 'image/webp';
|
||||
}
|
||||
|
||||
$this->video->thumbnail = 'data:' . $thumbnailMime . ';base64,' . $thumbnailData;
|
||||
}
|
||||
|
||||
$this->view->render(
|
||||
$response,
|
||||
$template,
|
||||
|
|
|
@ -44,13 +44,13 @@ class CspMiddleware
|
|||
->addDirective('base-uri', [])
|
||||
->addDirective('frame-ancestors', [])
|
||||
->addSource('form-action', '*')
|
||||
->addSource('img-src', '*');
|
||||
->addSource('img-src', '*')
|
||||
->addSource('img-src', 'data:');
|
||||
|
||||
if ($this->config->debug) {
|
||||
// So maximebf/debugbar, symfony/debug and symfony/error-handler can work.
|
||||
$csp->setDirective('script-src', ['self' => true, 'unsafe-inline' => true])
|
||||
->setDirective('style-src', ['self' => true, 'unsafe-inline' => true])
|
||||
->addSource('img-src', 'data:');
|
||||
->setDirective('style-src', ['self' => true, 'unsafe-inline' => true]);
|
||||
}
|
||||
|
||||
return $csp->injectCSPHeader($response);
|
||||
|
|
Loading…
Reference in a new issue