JI-1192 Fix crossOrigin policy only set for local sources
parent
3570441801
commit
fec8953ba8
|
@ -1993,7 +1993,7 @@ class H5PCore {
|
|||
|
||||
public static $coreApi = array(
|
||||
'majorVersion' => 1,
|
||||
'minorVersion' => 21
|
||||
'minorVersion' => 22
|
||||
);
|
||||
public static $styles = array(
|
||||
'styles/h5p.css',
|
||||
|
|
78
js/h5p.js
78
js/h5p.js
|
@ -670,7 +670,61 @@ H5P.fullScreen = function ($element, instance, exitCallback, body, forceSemiFull
|
|||
}
|
||||
};
|
||||
|
||||
/**
|
||||
(function () {
|
||||
/**
|
||||
* Helper for setting the crossOrigin attribute + the complete correct source.
|
||||
* Note: This will start loading the resource.
|
||||
*
|
||||
* @param {Element} element DOM element, typically img, video or audio
|
||||
* @param {Object} source File object from parameters/json_content (created by H5PEditor)
|
||||
* @param {number} contentId Needed to determine the complete correct file path
|
||||
*/
|
||||
H5P.setSource = function (element, source, contentId) {
|
||||
const crossOrigin = H5P.getCrossOrigin(source);
|
||||
if (crossOrigin) {
|
||||
element.crossOrigin = crossOrigin;
|
||||
}
|
||||
else {
|
||||
// In case this element has been used before.
|
||||
element.removeAttribute('crossorigin');
|
||||
}
|
||||
|
||||
element.src = H5P.getPath(source.path, contentId);
|
||||
};
|
||||
|
||||
/**
|
||||
* Check if the given path has a protocol.
|
||||
*
|
||||
* @private
|
||||
* @param {string} path
|
||||
* @return {string}
|
||||
*/
|
||||
var hasProtocol = function (path) {
|
||||
return path.match(/^[a-z0-9]+:\/\//i);
|
||||
};
|
||||
|
||||
/**
|
||||
* Get the crossOrigin policy to use for img, video and audio tags on the current site.
|
||||
*
|
||||
* @param {Object|string} source File object from parameters/json_content - Can also be URL(deprecated usage)
|
||||
* @returns {string|null} crossOrigin attribute value required by the source
|
||||
*/
|
||||
H5P.getCrossOrigin = function (source) {
|
||||
if (typeof source !== 'object') {
|
||||
// Deprecated usage.
|
||||
return H5PIntegration.crossorigin && H5PIntegration.crossoriginRegex && source.match(H5PIntegration.crossoriginRegex) ? H5PIntegration.crossorigin : null;
|
||||
}
|
||||
|
||||
if (H5PIntegration.crossorigin && !hasProtocol(source.path)) {
|
||||
// This is a local file, use the local crossOrigin policy.
|
||||
return H5PIntegration.crossorigin;
|
||||
// Note: We cannot use this for all external sources since we do not know
|
||||
// each server's individual policy. We could add support for a list of
|
||||
// external sources and their policy later on.
|
||||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Find the path to the content files based on the id of the content.
|
||||
* Also identifies and returns absolute paths.
|
||||
*
|
||||
|
@ -681,11 +735,7 @@ H5P.fullScreen = function ($element, instance, exitCallback, body, forceSemiFull
|
|||
* @returns {string}
|
||||
* Complete URL to path.
|
||||
*/
|
||||
H5P.getPath = function (path, contentId) {
|
||||
var hasProtocol = function (path) {
|
||||
return path.match(/^[a-z0-9]+:\/\//i);
|
||||
};
|
||||
|
||||
H5P.getPath = function (path, contentId) {
|
||||
if (hasProtocol(path)) {
|
||||
return path;
|
||||
}
|
||||
|
@ -715,7 +765,8 @@ H5P.getPath = function (path, contentId) {
|
|||
}
|
||||
|
||||
return prefix + '/' + path;
|
||||
};
|
||||
};
|
||||
})();
|
||||
|
||||
/**
|
||||
* THIS FUNCTION IS DEPRECATED, USE getPath INSTEAD
|
||||
|
@ -2308,19 +2359,6 @@ H5P.createTitle = function (rawTitle, maxLength) {
|
|||
}
|
||||
};
|
||||
|
||||
/**
|
||||
* Get crossorigin option that is set for site. Usefull for setting crossorigin policy for elements.
|
||||
*
|
||||
* @returns {string|null} Returns the string that should be set as crossorigin policy for elements or null if
|
||||
* no policy is set.
|
||||
*/
|
||||
H5P.getCrossOrigin = function (url) {
|
||||
var crossorigin = H5PIntegration.crossorigin;
|
||||
var urlRegex = H5PIntegration.crossoriginRegex;
|
||||
|
||||
return crossorigin && urlRegex && url.match(urlRegex) ? crossorigin : null;
|
||||
};
|
||||
|
||||
/**
|
||||
* Async error handling.
|
||||
*
|
||||
|
|
Loading…
Reference in New Issue