From 273ff1bc2e3ca87b6fba17de0f7b2b8a9c93bb7e Mon Sep 17 00:00:00 2001
From: Aevann <randomname42029@gmail.com>
Date: Mon, 8 Apr 2024 14:50:14 +0200
Subject: [PATCH] add reddit embeds

---
 files/assets/js/reddit_embed.js | 7 +++++++
 files/helpers/config/const.py   | 2 +-
 files/templates/post.html       | 5 +++++
 3 files changed, 13 insertions(+), 1 deletion(-)
 create mode 100644 files/assets/js/reddit_embed.js

diff --git a/files/assets/js/reddit_embed.js b/files/assets/js/reddit_embed.js
new file mode 100644
index 000000000..a9bb25568
--- /dev/null
+++ b/files/assets/js/reddit_embed.js
@@ -0,0 +1,7 @@
+addEventListener("message", function(t) {
+	if (typeof t.data == "string" && t.data) {
+		const data = JSON.parse(t.data)
+		if (data && "type" in data && data.type == "resize.embed")
+			document.getElementById('reddit-embed').height = data.data
+	}
+})
diff --git a/files/helpers/config/const.py b/files/helpers/config/const.py
index 97325e527..28fed4c4f 100644
--- a/files/helpers/config/const.py
+++ b/files/helpers/config/const.py
@@ -1126,7 +1126,7 @@ engine = create_engine(environ.get("DATABASE_URL").strip(), connect_args={"optio
 db_session = scoped_session(sessionmaker(bind=engine, autoflush=False))
 
 approved_embed_hosts_for_csp = ' '.join(set(x.split('/')[0] for x in approved_embed_hosts))
-csp = f"default-src 'none'; frame-ancestors 'none'; form-action 'self'; manifest-src 'self'; worker-src 'self'; base-uri 'self'; font-src 'self'; style-src-elem 'self' rdrama.net watchpeopledie.tv; style-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; script-src-elem 'self' challenges.cloudflare.com static.cloudflareinsights.com; script-src-attr 'none'; script-src 'self' challenges.cloudflare.com static.cloudflareinsights.com; frame-src challenges.cloudflare.com cdpn.io platform.twitter.com rumble.com player.twitch.tv; connect-src 'self' submit.watchpeopledie.tv; img-src {approved_embed_hosts_for_csp} data:; media-src *.googlevideo.com archive.org *.us.archive.org {approved_embed_hosts_for_csp};"
+csp = f"default-src 'none'; frame-ancestors 'none'; form-action 'self'; manifest-src 'self'; worker-src 'self'; base-uri 'self'; font-src 'self'; style-src-elem 'self' rdrama.net watchpeopledie.tv; style-src-attr 'unsafe-inline'; style-src 'self' 'unsafe-inline'; script-src-elem 'self' challenges.cloudflare.com static.cloudflareinsights.com; script-src-attr 'none'; script-src 'self' challenges.cloudflare.com static.cloudflareinsights.com; frame-src embed.reddit.com challenges.cloudflare.com cdpn.io platform.twitter.com rumble.com player.twitch.tv; connect-src 'self' submit.watchpeopledie.tv; img-src {approved_embed_hosts_for_csp} data:; media-src *.googlevideo.com archive.org *.us.archive.org {approved_embed_hosts_for_csp};"
 if not IS_LOCALHOST:
 	csp += ' upgrade-insecure-requests;'
 
diff --git a/files/templates/post.html b/files/templates/post.html
index 48386fb8d..7c2046097 100644
--- a/files/templates/post.html
+++ b/files/templates/post.html
@@ -148,6 +148,11 @@
 									{% endif %}
 								{% endif %}
 
+								{% if p.url.startswith('https://old.reddit.com/r/') %}
+									<iframe id="reddit-embed" class="border-0" src="{{p.url.replace('https://old.reddit.com/', 'https://embed.reddit.com/').split('?')[0]}}?context=1&showtitle=true{% if v.theme in DARK_THEMES %}&theme=dark{% endif %}" height="317px" width="640px"></iframe>
+									<script defer src="{{'js/reddit_embed.js' | asset}}"></script>
+								{% endif %}
+
 								<div id="post-text" class="{{p.award_classes(v)}}">
 									{% if p.is_image %}
 										<div class="row no-gutters mb-4">