JI-1192 Fix crossOrigin policy only set for local sources

pull/63/head
Frode Petterson 2019-06-18 14:43:34 +02:00
parent 3570441801
commit fec8953ba8
2 changed files with 90 additions and 52 deletions


@ -1993,7 +1993,7 @@ class H5PCore {
public static $coreApi = array( public static $coreApi = array(
'majorVersion' => 1, 'majorVersion' => 1,
'minorVersion' => 21 'minorVersion' => 22
); );
public static $styles = array( public static $styles = array(
'styles/h5p.css', 'styles/h5p.css',

140
js/h5p.js

@ -670,52 +670,103 @@ H5P.fullScreen = function ($element, instance, exitCallback, body, forceSemiFull
} }
}; };
/** (function () {
* Find the path to the content files based on the id of the content. /**
* Also identifies and returns absolute paths. * Helper for setting the crossOrigin attribute + the complete correct source.
* * Note: This will start loading the resource.
* @param {string} path *
* Relative to content folder or absolute. * @param {Element} element DOM element, typically img, video or audio
* @param {number} contentId * @param {Object} source File object from parameters/json_content (created by H5PEditor)
* ID of the content requesting the path. * @param {number} contentId Needed to determine the complete correct file path
* @returns {string} */
* Complete URL to path. H5P.setSource = function (element, source, contentId) {
*/ const crossOrigin = H5P.getCrossOrigin(source);
H5P.getPath = function (path, contentId) { if (crossOrigin) {
element.crossOrigin = crossOrigin;
}
else {
// In case this element has been used before.
element.removeAttribute('crossorigin');
}
element.src = H5P.getPath(source.path, contentId);
};
/**
* Check if the given path has a protocol.
*
* @private
* @param {string} path
* @return {string}
*/
var hasProtocol = function (path) { var hasProtocol = function (path) {
return path.match(/^[a-z0-9]+:\/\//i); return path.match(/^[a-z0-9]+:\/\//i);
}; };
if (hasProtocol(path)) { /**
return path; * Get the crossOrigin policy to use for img, video and audio tags on the current site.
} *
* @param {Object|string} source File object from parameters/json_content - Can also be URL(deprecated usage)
var prefix; * @returns {string|null} crossOrigin attribute value required by the source
var isTmpFile = (path.substr(-4,4) === '#tmp'); */
if (contentId !== undefined && !isTmpFile) { H5P.getCrossOrigin = function (source) {
// Check for custom override URL if (typeof source !== 'object') {
if (H5PIntegration.contents !== undefined && // Deprecated usage.
H5PIntegration.contents['cid-' + contentId]) { return H5PIntegration.crossorigin && H5PIntegration.crossoriginRegex && source.match(H5PIntegration.crossoriginRegex) ? H5PIntegration.crossorigin : null;
prefix = H5PIntegration.contents['cid-' + contentId].contentUrl;
} }
if (!prefix) {
prefix = H5PIntegration.url + '/content/' + contentId; if (H5PIntegration.crossorigin && !hasProtocol(source.path)) {
// This is a local file, use the local crossOrigin policy.
return H5PIntegration.crossorigin;
// Note: We cannot use this for all external sources since we do not know
// each server's individual policy. We could add support for a list of
// external sources and their policy later on.
} }
} };
else if (window.H5PEditor !== undefined) {
prefix = H5PEditor.filesPath;
}
else {
return;
}
if (!hasProtocol(prefix)) { /**
// Use absolute urls * Find the path to the content files based on the id of the content.
prefix = window.location.protocol + "//" + window.location.host + prefix; * Also identifies and returns absolute paths.
} *
* @param {string} path
* Relative to content folder or absolute.
* @param {number} contentId
* ID of the content requesting the path.
* @returns {string}
* Complete URL to path.
*/
H5P.getPath = function (path, contentId) {
if (hasProtocol(path)) {
return path;
}
return prefix + '/' + path; var prefix;
}; var isTmpFile = (path.substr(-4,4) === '#tmp');
if (contentId !== undefined && !isTmpFile) {
// Check for custom override URL
if (H5PIntegration.contents !== undefined &&
H5PIntegration.contents['cid-' + contentId]) {
prefix = H5PIntegration.contents['cid-' + contentId].contentUrl;
}
if (!prefix) {
prefix = H5PIntegration.url + '/content/' + contentId;
}
}
else if (window.H5PEditor !== undefined) {
prefix = H5PEditor.filesPath;
}
else {
return;
}
if (!hasProtocol(prefix)) {
// Use absolute urls
prefix = window.location.protocol + "//" + window.location.host + prefix;
}
return prefix + '/' + path;
};
})();
/** /**
* THIS FUNCTION IS DEPRECATED, USE getPath INSTEAD * THIS FUNCTION IS DEPRECATED, USE getPath INSTEAD
@ -2308,19 +2359,6 @@ H5P.createTitle = function (rawTitle, maxLength) {
} }
}; };
/**
* Get crossorigin option that is set for site. Usefull for setting crossorigin policy for elements.
*
* @returns {string|null} Returns the string that should be set as crossorigin policy for elements or null if
* no policy is set.
*/
H5P.getCrossOrigin = function (url) {
var crossorigin = H5PIntegration.crossorigin;
var urlRegex = H5PIntegration.crossoriginRegex;
return crossorigin && urlRegex && url.match(urlRegex) ? crossorigin : null;
};
/** /**
* Async error handling. * Async error handling.
* *
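Review bot: The new `H5P.getCrossOrigin` in js/h5p.js falls off the end for any file object whose `path` has a protocol (and whenever `H5PIntegration.crossorigin` is unset), so it returns `undefined` although its JSDoc and the removed implementation promise `string|null`. `H5P.setSource` only tests truthiness and is unaffected, but a caller comparing with `=== null` or assigning the result straight to `element.crossOrigin` would behave differently; a closing `return null;` restores the contract. The `typeof source !== 'object'` test also lets `null` through, so with a policy configured `source.path` throws; `if (!source || typeof source !== 'object')` in front of the deprecated branch would not fix this, so a separate `if (!source) { return null; }` guard is the simpler option. The "This is a local file" comment would be more accurate as `// Relative path: served from the site's content URL, so apply the site-wide policy.`, because `H5P.getPath` can resolve such a path against a `contentUrl` override, which may be on another origin.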