Mirrors/linkding
1
0
Fork 0
mirror of https://github.com/sissbruecker/linkding.git synced 2026-02-28 06:53:12 +08:00
Code Issues Packages Projects Releases Wiki Activity

Allow viewing video assets (#1259)

Browse Source
This commit is contained in:
Sascha Ißbrücker
2026-01-03 16:33:49 +01:00
committed by GitHub
parent 4f5009b30f
commit 06048ee26f
2 changed files with 20 additions and 3 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
bookmarks/tests/test_bookmark_asset_view.py
View File

@@ -27,14 +27,14 @@ class BookmarkAssetViewTestCase(TestCase, BookmarkFactoryMixin):
)
return asset
def setup_asset_with_uploaded_file(self, bookmark):
def setup_asset_with_uploaded_file(self, bookmark, content_type="image/png"):
filename = f"temp_{bookmark.id}.png.gzip"
self.setup_asset_file(filename)
asset = self.setup_asset(
bookmark=bookmark,
file=filename,
asset_type=BookmarkAsset.TYPE_UPLOAD,
content_type="image/png",
content_type=content_type,
display_name=f"Uploaded file {bookmark.id}.png",
)
return asset
@@ -164,3 +164,17 @@ class BookmarkAssetViewTestCase(TestCase, BookmarkFactoryMixin):
f'inline; filename="{asset.display_name}"',
)
self.assertEqual(response["Content-Security-Policy"], "sandbox allow-scripts")
def test_uploaded_video_download_headers(self):
bookmark = self.setup_bookmark()
asset = self.setup_asset_with_uploaded_file(bookmark, content_type="video/mp4")
response = self.client.get(reverse("linkding:assets.view", args=[asset.id]))
self.assertEqual(response["Content-Type"], asset.content_type)
self.assertEqual(
response["Content-Disposition"],
f'inline; filename="{asset.display_name}"',
)
self.assertEqual(
response["Content-Security-Policy"], "default-src 'none'; media-src 'self';"
)

5
bookmarks/views/assets.py
View File

@@ -33,7 +33,10 @@ def view(request, asset_id: int):
response = HttpResponse(content, content_type=asset.content_type)
response["Content-Disposition"] = f'inline; filename="{asset.download_name}"'
response["Content-Security-Policy"] = "sandbox allow-scripts"
if asset.content_type and asset.content_type.startswith("video/"):
response["Content-Security-Policy"] = "default-src 'none'; media-src 'self';"
else:
response["Content-Security-Policy"] = "sandbox allow-scripts"
return response