Skip to content

Commit

Permalink
Fixes videos not loading from S3 due to unlisted CSP host (#2487)
Browse files Browse the repository at this point in the history
  • Loading branch information
@RickyRomero
RickyRomero authored Jul 1, 2024
1 parent cc68474 commit dcf54f0
Showing 1 changed file with 11 additions and 3 deletions.
14 changes: 11 additions & 3 deletions config/secure-headers.php
View file
Original file line number Diff line number Diff line change
Expand Up @@ -409,9 +409,17 @@
// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/media-src
'media-src' => [
'self' => true,
'allow' => [
'blob:', // required for "live" photos
],
'allow' => array_merge(
[
'blob:', // required for "live" photos
],
// Add the S3 URL to the list of allowed media sources
env('AWS_ACCESS_KEY_ID', '') === '' ? [] :
[
// @phpstan-ignore-next-line
str_replace(parse_url(env('AWS_URL'), PHP_URL_PATH), '', env('AWS_URL')),
]
),
],

// https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/navigate-to
Expand Down

0 comments on commit dcf54f0

Please sign in to comment.