JI-1192 Fix crossOrigin policy only set for local sources

pull/63/head
Frode Petterson 2019-06-18 14:43:34 +02:00
parent 3570441801
commit fec8953ba8
2 changed files with 90 additions and 52 deletions

View File

@ -1993,7 +1993,7 @@ class H5PCore {
public static $coreApi = array(
'majorVersion' => 1,
'minorVersion' => 21
'minorVersion' => 22
);
public static $styles = array(
'styles/h5p.css',

View File

@ -670,7 +670,61 @@ H5P.fullScreen = function ($element, instance, exitCallback, body, forceSemiFull
}
};
/**
(function () {
/**
* Helper for setting the crossOrigin attribute + the complete correct source.
* Note: This will start loading the resource.
*
* @param {Element} element DOM element, typically img, video or audio
* @param {Object} source File object from parameters/json_content (created by H5PEditor)
* @param {number} contentId Needed to determine the complete correct file path
*/
H5P.setSource = function (element, source, contentId) {
const crossOrigin = H5P.getCrossOrigin(source);
if (crossOrigin) {
element.crossOrigin = crossOrigin;
}
else {
// In case this element has been used before.
element.removeAttribute('crossorigin');
}
element.src = H5P.getPath(source.path, contentId);
};
/**
* Check if the given path has a protocol.
*
* @private
* @param {string} path
* @return {string}
*/
var hasProtocol = function (path) {
return path.match(/^[a-z0-9]+:\/\//i);
};
/**
* Get the crossOrigin policy to use for img, video and audio tags on the current site.
*
* @param {Object|string} source File object from parameters/json_content - Can also be URL(deprecated usage)
* @returns {string|null} crossOrigin attribute value required by the source
*/
H5P.getCrossOrigin = function (source) {
if (typeof source !== 'object') {
// Deprecated usage.
return H5PIntegration.crossorigin && H5PIntegration.crossoriginRegex && source.match(H5PIntegration.crossoriginRegex) ? H5PIntegration.crossorigin : null;
}
if (H5PIntegration.crossorigin && !hasProtocol(source.path)) {
// This is a local file, use the local crossOrigin policy.
return H5PIntegration.crossorigin;
// Note: We cannot use this for all external sources since we do not know
// each server's individual policy. We could add support for a list of
// external sources and their policy later on.
}
};
/**
* Find the path to the content files based on the id of the content.
* Also identifies and returns absolute paths.
*
@ -681,11 +735,7 @@ H5P.fullScreen = function ($element, instance, exitCallback, body, forceSemiFull
* @returns {string}
* Complete URL to path.
*/
H5P.getPath = function (path, contentId) {
var hasProtocol = function (path) {
return path.match(/^[a-z0-9]+:\/\//i);
};
H5P.getPath = function (path, contentId) {
if (hasProtocol(path)) {
return path;
}
@ -715,7 +765,8 @@ H5P.getPath = function (path, contentId) {
}
return prefix + '/' + path;
};
};
})();
/**
* THIS FUNCTION IS DEPRECATED, USE getPath INSTEAD
@ -2308,19 +2359,6 @@ H5P.createTitle = function (rawTitle, maxLength) {
}
};
/**
* Get crossorigin option that is set for site. Usefull for setting crossorigin policy for elements.
*
* @returns {string|null} Returns the string that should be set as crossorigin policy for elements or null if
* no policy is set.
*/
H5P.getCrossOrigin = function (url) {
var crossorigin = H5PIntegration.crossorigin;
var urlRegex = H5PIntegration.crossoriginRegex;
return crossorigin && urlRegex && url.match(urlRegex) ? crossorigin : null;
};
/**
* Async error handling.
*