add: allow published notes to be shown through iframe

2025-07-03 23:58:42 -04:00 · 2025-07-03 23:58:42 -04:00 · 1dc0611298
commit 1dc0611298
parent 2ec8d86edf
4 changed files with 13 additions and 7 deletions
--- a/crates/app/src/macros.rs
+++ b/crates/app/src/macros.rs
@ -166,7 +166,7 @@ macro_rules! user_banned {
        let mut context = initial_context(&$data.0.0.0, lang, &$user).await;
        context.insert("profile", &$other_user);

-        return Ok(Html(
+        return Err(Html(
            $data.1.render("profile/banned.html", &context).unwrap(),
        ));
    };
@ -233,7 +233,7 @@ macro_rules! check_user_blocked_or_private {
                        .is_ok(),
                );

-                return Ok(Html(
+                return Err(Html(
                    $data.1.render("profile/blocked.html", &context).unwrap(),
                ));
            }
@ -281,7 +281,7 @@ macro_rules! check_user_blocked_or_private {
                            .is_ok(),
                    );

-                    return Ok(Html(
+                    return Err(Html(
                        $data.1.render("profile/private.html", &context).unwrap(),
                    ));
                }
@ -293,7 +293,7 @@ macro_rules! check_user_blocked_or_private {
                context.insert("follow_requested", &false);
                context.insert("is_following", &false);

-                return Ok(Html(
+                return Err(Html(
                    $data.1.render("profile/private.html", &context).unwrap(),
                ));
            }
--- a/crates/app/src/main.rs
+++ b/crates/app/src/main.rs
@ -130,7 +130,7 @@ async fn main() {
        )
        .layer(SetResponseHeaderLayer::if_not_present(
            HeaderName::from_static("content-security-policy"),
-            HeaderValue::from_static("default-src 'self' blob: *.spotify.com musicbrainz.org; frame-ancestors 'self'; img-src * data:; media-src *; font-src *; style-src 'unsafe-inline' 'self' blob: *; script-src 'self' 'unsafe-inline' blob: *; object-src 'self' blob: *; upgrade-insecure-requests; connect-src * localhost; frame-src 'self' blob: data: *"),
+            HeaderValue::from_static("default-src 'self' *.spotify.com musicbrainz.org; img-src * data:; media-src *; font-src *; style-src 'unsafe-inline' 'self' *; script-src 'self' 'unsafe-inline' *; object-src 'self' *; upgrade-insecure-requests; connect-src * localhost; frame-src 'self'; frame-ancestors 'self'"),
        ))
        .layer(CatchPanicLayer::new());

--- a/crates/app/src/public/css/root.css
+++ b/crates/app/src/public/css/root.css
@ -267,7 +267,7 @@ span,
 code {
    max-width: 100%;
    overflow-wrap: normal;
-    text-wrap: pretty;
+    text-wrap: stable;
    word-wrap: break-word;
 }

--- a/crates/app/src/routes/pages/journals.rs
+++ b/crates/app/src/routes/pages/journals.rs
@ -362,5 +362,11 @@ pub async fn global_view_request(
    context.insert("global_mode", &true);

    // return
-    Ok(Html(data.1.render("journals/app.html", &context).unwrap()))
+    Ok((
+        [(
+            "content-security-policy",
+            "default-src 'self' *.spotify.com musicbrainz.org; img-src * data:; media-src *; font-src *; style-src 'unsafe-inline' 'self' *; script-src 'self' 'unsafe-inline' *; object-src 'self' *; upgrade-insecure-requests; connect-src * localhost; frame-src 'self'; frame-ancestors *",
+        )],
+        Html(data.1.render("journals/app.html", &context).unwrap()),
+    ))
 }