[wp-trac] [WordPress Trac] #45033: Add TIDAL to oEmbed whitelist
WordPress Trac
noreply at wordpress.org
Fri Apr 12 09:05:40 UTC 2024
#45033: Add TIDAL to oEmbed whitelist
--------------------------+-----------------------
Reporter: tidal | Owner: (none)
Type: defect (bug) | Status: reopened
Priority: normal | Milestone:
Component: Embeds | Version:
Severity: major | Resolution:
Keywords: needs-patch | Focuses:
--------------------------+-----------------------
Changes (by tidal):
* status: closed => reopened
* type: enhancement => defect (bug)
* resolution: wontfix =>
* severity: normal => major
Comment:
Replying to [comment:7 swissspidy]:
> With that being said, Tidal embeds appear to be working just fine with
this, even without whitelisting, which is great.
Seems like WordPress has changed and now adds a sandbox attribute. This
has broken the embed. The sandbox seems to need both allow-scripts and
allow-same-origin, else I'm getting CORS errors for our static S3
resources (js, css and fonts).
Examples here: <h2>sandbox="allow-scripts"</h2>
<iframe class="wp-embedded-content" sandbox="allow-scripts"
src="https://embed.tidal.com/tracks/137457240#?secret=JK0agVf1VT" data-
secret="JK0agVf1VT" width="500" height="120" frameborder="0"></iframe>
<h2>sandbox="allow-scripts allow-same-origin"</h2>
<iframe class="wp-embedded-content" sandbox="allow-scripts allow-same-
origin" src="https://embed.tidal.com/tracks/137457240#?secret=JK0agVf1VT"
data-secret="JK0agVf1VT" width="500" height="120"
frameborder="0"></iframe>
<h2>No Sandbox</h2>
<iframe src="https://embed.tidal.com/tracks/137457240#?secret=JK0agVf1VT"
width="500" height="120" frameborder="0"></iframe>
--
Ticket URL: <https://core.trac.wordpress.org/ticket/45033#comment:8>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
More information about the wp-trac
mailing list