From efa9b4ea703eb2a36df7defefb835bf45a38cc69 Mon Sep 17 00:00:00 2001
From: Azareal <azareal@users.noreply.github.com>
Date: Tue, 9 Jun 2020 21:52:59 +1000
Subject: [PATCH] did i not commit this? giiiiittt. wider videos on cosora

---
 routes/common.go              | 13 +++++++++++--
 themes/cosora/public/main.css |  6 +++++-
 2 files changed, 16 insertions(+), 3 deletions(-)

diff --git a/routes/common.go b/routes/common.go
index d4ea91db..4fae6ebe 100644
--- a/routes/common.go
+++ b/routes/common.go
@@ -136,10 +136,19 @@ func renderTemplate2(tmplName, hookName string, w http.ResponseWriter, r *http.R
 func FootHeaders(w http.ResponseWriter, h *c.Header) {
 	// TODO: Only set video domain when there is a video on the page
 	if !h.LooseCSP {
+		he := w.Header()
 		if c.Config.SslSchema {
-			w.Header().Set("Content-Security-Policy", "default-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src * data: 'unsafe-eval' 'unsafe-inline'; connect-src * 'unsafe-eval' 'unsafe-inline'; frame-src 'self' www.youtube-nocookie.com embed.nicovideo.jp;upgrade-insecure-requests")
+			if h.ExternalMedia {
+				he.Set("Content-Security-Policy", "default-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src * data: 'unsafe-eval' 'unsafe-inline'; connect-src * 'unsafe-eval' 'unsafe-inline'; frame-src 'self' www.youtube-nocookie.com embed.nicovideo.jp;upgrade-insecure-requests")
+			} else {
+				he.Set("Content-Security-Policy", "default-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src * data: 'unsafe-eval' 'unsafe-inline'; connect-src * 'unsafe-eval' 'unsafe-inline'; frame-src 'self';upgrade-insecure-requests")
+			}
 		} else {
-			w.Header().Set("Content-Security-Policy", "default-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src * data: 'unsafe-eval' 'unsafe-inline'; connect-src * 'unsafe-eval' 'unsafe-inline'; frame-src 'self' www.youtube-nocookie.com embed.nicovideo.jp")
+			if h.ExternalMedia {
+				he.Set("Content-Security-Policy", "default-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src * data: 'unsafe-eval' 'unsafe-inline'; connect-src * 'unsafe-eval' 'unsafe-inline'; frame-src 'self' www.youtube-nocookie.com embed.nicovideo.jp")
+			} else {
+				he.Set("Content-Security-Policy", "default-src 'self' 'unsafe-eval'; style-src 'self' 'unsafe-eval' 'unsafe-inline'; img-src * data: 'unsafe-eval' 'unsafe-inline'; connect-src * 'unsafe-eval' 'unsafe-inline'; frame-src 'self'")
+			}
 		}
 	}
 
diff --git a/themes/cosora/public/main.css b/themes/cosora/public/main.css
index 7d643ca3..9ad41254 100644
--- a/themes/cosora/public/main.css
+++ b/themes/cosora/public/main.css
@@ -1271,7 +1271,7 @@ red {
 	background-color: #EFEEEE;
 	border-radius: 3px;
 	padding: 16px;
-	white-space: nowrap;
+	overflow-wrap: break-word;
 }
 
 #ip_search_container .rowlist:not(.has_items) {
@@ -1694,6 +1694,10 @@ red {
 	.hide_on_big {
 		display: none;
 	}
+	.postIframe {
+		min-width: 400px;
+		min-height: 200px;
+	}
 }
 
 @media(max-width: 720px) {