From 94c344573b24f6fe78cd85f7b4293375d3a40b7a Mon Sep 17 00:00:00 2001 From: Sunil Mohan Adapa Date: Sun, 9 Nov 2025 22:19:57 -0800 Subject: [PATCH] janus: Relax content security policy for the video room - Needed for the new video room code to run without CSP errors in the browser console. JS error happens immediately after loading the page before Janus initialization. Styling related errors happen after joining the room despite eliminating use of'style=' attributes from JS code. Tests: - The video room works for a conference without showing any Content-Security-Policy header related errors in the Firefox developer console. Signed-off-by: Sunil Mohan Adapa Reviewed-by: James Valleroy --- plinth/modules/janus/views.py | 17 +++++++++++++++++ 1 file changed, 17 insertions(+) diff --git a/plinth/modules/janus/views.py b/plinth/modules/janus/views.py index a86d1f636..b0b8e73dd 100644 --- a/plinth/modules/janus/views.py +++ b/plinth/modules/janus/views.py @@ -3,14 +3,26 @@ Views for the Janus app. """ +import copy + from django.views.generic import TemplateView from plinth import app as app_module +from plinth.middleware import CONTENT_SECURITY_POLICY class JanusRoomView(TemplateView): """A simple page to host Janus video room.""" template_name = 'janus_video_room.html' + headers: dict[str, str] = {} + + def __init__(self, **kwargs): + """Initialize the view and set CSP.""" + super().__init__(**kwargs) + csp = copy.copy(CONTENT_SECURITY_POLICY) + csp['script-src'] = "'self' 'unsafe-inline'" + csp['style-src'] = "'self' 'unsafe-inline'" + self.headers['Content-Security-Policy'] = csp.get_header_value() def get_context_data(self, *args, **kwargs): """Add user's TURN server information to view context.""" @@ -19,3 +31,8 @@ class JanusRoomView(TemplateView): context = super().get_context_data(*args, **kwargs) context['user_turn_config'] = config.to_json() return context + + def get(self, request, *args, **kwargs): + """Handle GET request and return a response object.""" + context = self.get_context_data(**kwargs) + return self.render_to_response(context, headers=self.headers)