JI-1192 Fix crossOrigin policy only set for local sources

pull/63/head
Frode Petterson 2019-06-18 14:43:34 +02:00
parent 3570441801
commit fec8953ba8
2 changed files with 90 additions and 52 deletions

View File

@ -1993,7 +1993,7 @@ class H5PCore {
public static $coreApi = array( public static $coreApi = array(
'majorVersion' => 1, 'majorVersion' => 1,
'minorVersion' => 21 'minorVersion' => 22
); );
public static $styles = array( public static $styles = array(
'styles/h5p.css', 'styles/h5p.css',

View File

@ -670,6 +670,60 @@ H5P.fullScreen = function ($element, instance, exitCallback, body, forceSemiFull
} }
}; };
(function () {
/**
* Helper for setting the crossOrigin attribute + the complete correct source.
* Note: This will start loading the resource.
*
* @param {Element} element DOM element, typically img, video or audio
* @param {Object} source File object from parameters/json_content (created by H5PEditor)
* @param {number} contentId Needed to determine the complete correct file path
*/
H5P.setSource = function (element, source, contentId) {
const crossOrigin = H5P.getCrossOrigin(source);
if (crossOrigin) {
element.crossOrigin = crossOrigin;
}
else {
// In case this element has been used before.
element.removeAttribute('crossorigin');
}
element.src = H5P.getPath(source.path, contentId);
};
/**
* Check if the given path has a protocol.
*
* @private
* @param {string} path
* @return {string}
*/
var hasProtocol = function (path) {
return path.match(/^[a-z0-9]+:\/\//i);
};
/**
* Get the crossOrigin policy to use for img, video and audio tags on the current site.
*
* @param {Object|string} source File object from parameters/json_content - Can also be URL(deprecated usage)
* @returns {string|null} crossOrigin attribute value required by the source
*/
H5P.getCrossOrigin = function (source) {
if (typeof source !== 'object') {
// Deprecated usage.
return H5PIntegration.crossorigin && H5PIntegration.crossoriginRegex && source.match(H5PIntegration.crossoriginRegex) ? H5PIntegration.crossorigin : null;
}
if (H5PIntegration.crossorigin && !hasProtocol(source.path)) {
// This is a local file, use the local crossOrigin policy.
return H5PIntegration.crossorigin;
// Note: We cannot use this for all external sources since we do not know
// each server's individual policy. We could add support for a list of
// external sources and their policy later on.
}
};
/** /**
* Find the path to the content files based on the id of the content. * Find the path to the content files based on the id of the content.
* Also identifies and returns absolute paths. * Also identifies and returns absolute paths.
@ -682,10 +736,6 @@ H5P.fullScreen = function ($element, instance, exitCallback, body, forceSemiFull
* Complete URL to path. * Complete URL to path.
*/ */
H5P.getPath = function (path, contentId) { H5P.getPath = function (path, contentId) {
var hasProtocol = function (path) {
return path.match(/^[a-z0-9]+:\/\//i);
};
if (hasProtocol(path)) { if (hasProtocol(path)) {
return path; return path;
} }
@ -716,6 +766,7 @@ H5P.getPath = function (path, contentId) {
return prefix + '/' + path; return prefix + '/' + path;
}; };
})();
/** /**
* THIS FUNCTION IS DEPRECATED, USE getPath INSTEAD * THIS FUNCTION IS DEPRECATED, USE getPath INSTEAD
@ -2308,19 +2359,6 @@ H5P.createTitle = function (rawTitle, maxLength) {
} }
}; };
/**
* Get crossorigin option that is set for site. Usefull for setting crossorigin policy for elements.
*
* @returns {string|null} Returns the string that should be set as crossorigin policy for elements or null if
* no policy is set.
*/
H5P.getCrossOrigin = function (url) {
var crossorigin = H5PIntegration.crossorigin;
var urlRegex = H5PIntegration.crossoriginRegex;
return crossorigin && urlRegex && url.match(urlRegex) ? crossorigin : null;
};
/** /**
* Async error handling. * Async error handling.
* *