From dfab4fa9c6d5b6f12ac844b191a51282b002d3f5 Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Thu, 20 Feb 2020 10:04:36 +0100
Subject: [PATCH 1/2] Fix CSP for embeds

---
 server/controllers/client.ts | 8 +++++++-
 1 file changed, 7 insertions(+), 1 deletion(-)

diff --git a/server/controllers/client.ts b/server/controllers/client.ts
index dc3ff18fc..56685f102 100644
--- a/server/controllers/client.ts
+++ b/server/controllers/client.ts
@@ -2,10 +2,11 @@ import * as express from 'express'
 import { join } from 'path'
 import { root } from '../helpers/core-utils'
 import { ACCEPT_HEADERS, STATIC_MAX_AGE } from '../initializers/constants'
-import { asyncMiddleware } from '../middlewares'
+import { asyncMiddleware, embedCSP } from '../middlewares'
 import { buildFileLocale, getCompleteLocale, is18nLocale, LOCALE_FILES } from '../../shared/models/i18n/i18n'
 import { ClientHtml } from '../lib/client-html'
 import { logger } from '../helpers/logger'
+import { CONFIG } from '@server/initializers/config'
 
 const clientsRouter = express.Router()
 
@@ -19,8 +20,13 @@ clientsRouter.use('/videos/watch/:id', asyncMiddleware(generateWatchHtmlPage))
 clientsRouter.use('/accounts/:nameWithHost', asyncMiddleware(generateAccountHtmlPage))
 clientsRouter.use('/video-channels/:nameWithHost', asyncMiddleware(generateVideoChannelHtmlPage))
 
+const embedCSPMiddleware = CONFIG.CSP.ENABLED
+  ? embedCSP
+  : (req: express.Request, res: express.Response, next: express.NextFunction) => next()
+
 clientsRouter.use(
   '/videos/embed',
+  embedCSPMiddleware,
   (req: express.Request, res: express.Response) => {
     res.removeHeader('X-Frame-Options')
     res.sendFile(embedPath)

From c06be129506de9ac8d9910fed473c86724ca0e4e Mon Sep 17 00:00:00 2001
From: Chocobozzz <me@florianbigard.com>
Date: Thu, 20 Feb 2020 10:42:57 +0100
Subject: [PATCH 2/2] Fix scroll menu on touch devices

---
 client/src/app/menu/menu.component.scss | 8 ++++++++
 1 file changed, 8 insertions(+)

diff --git a/client/src/app/menu/menu.component.scss b/client/src/app/menu/menu.component.scss
index 2963d4d19..112fdc1ce 100644
--- a/client/src/app/menu/menu.component.scss
+++ b/client/src/app/menu/menu.component.scss
@@ -260,3 +260,11 @@ menu {
     width: 100% !important;
   }
 }
+
+@media (hover: none) and (pointer: coarse) {
+  .menu-wrapper {
+    menu {
+      overflow-y: auto;
+    }
+  }
+}