feat: embed base64 thumbnails in video objects

Embedded video thumbnails as base64 data URIs to enhance performance and ensure portability. Updated CSP to allow 'data:' sources for images, preventing CSP violations when rendering base64 images.

Addresses issues with missing thumbnails and enhances security settings.
This commit is contained in:
Kumi 2024-07-21 09:47:21 +02:00
parent d1896f49d4
commit ac44c0e6cc
Signed by: kumi
GPG key ID: ECBCC9082395383F
2 changed files with 22 additions and 3 deletions

View file

@ -222,6 +222,25 @@ class FrontController extends BaseController
}
}
/* Fetch the thumbnail, if it exists, and add a data URI to the video object */
if (isset($this->video->thumbnail) && $this->video->thumbnail !== '') {
/* Fetch the thumbnail */
$thumbnailData = file_get_contents($this->video->thumbnail);
$thumbnailData = base64_encode($thumbnailData);
/* Guess the mime type */
$thumbnailMime = 'image/jpeg';
if (strpos($this->video->thumbnail, '.png') !== false) {
$thumbnailMime = 'image/png';
} elseif (strpos($this->video->thumbnail, '.gif') !== false) {
$thumbnailMime = 'image/gif';
} elseif (strpos($this->video->thumbnail, '.webp') !== false) {
$thumbnailMime = 'image/webp';
}
$this->video->thumbnail = 'data:' . $thumbnailMime . ';base64,' . $thumbnailData;
}
$this->view->render(
$response,
$template,

View file

@ -44,13 +44,13 @@ class CspMiddleware
->addDirective('base-uri', [])
->addDirective('frame-ancestors', [])
->addSource('form-action', '*')
->addSource('img-src', '*');
->addSource('img-src', '*')
->addSource('img-src', 'data:');
if ($this->config->debug) {
// So maximebf/debugbar, symfony/debug and symfony/error-handler can work.
$csp->setDirective('script-src', ['self' => true, 'unsafe-inline' => true])
->setDirective('style-src', ['self' => true, 'unsafe-inline' => true])
->addSource('img-src', 'data:');
->setDirective('style-src', ['self' => true, 'unsafe-inline' => true]);
}
return $csp->injectCSPHeader($response);