
Set generous HTTP feature policy #114

Open
wants to merge 8 commits into
base: master
from
45 changes: 43 additions & 2 deletions public/class-h5p-plugin.php
@@ -66,6 +66,23 @@ class H5P_Plugin {
*/
protected static $settings = null;

/**
* Default settings for HTTP Feature Policy.
*
* @var string
*/
protected static $h5p_http_feature_policy = array(
'accelerometer' => '*',
'autoplay' => '*',
'camera' => '*',
'clipboard-write' => '*',
'fullscreen' => '*',
'geolocation' => '*',
'gyroscope' => '*',
'magnetometer' => '*',
'microphone' => '*'
);


It would be great if you can implement this with associative arrays that apply with a WordPress filter. Then generate the string based on the after-filtered associative array. It would give developers more flexibility to enable/disable permissions based on their site/platform.

Contributor Author


@kelvin-xu You're welcome to amend my pull request by sending me one of your own.


Will do, thanks


PR has been created for review. Thanks.

/**
* Initialize the plugin by setting localization and loading public scripts
* and styles.
@@ -925,6 +942,25 @@ public function shortcode($atts) {
return $this->add_assets($content);
}

/**
* Get permission policy property.
*
* @return string Permission policy.
*/
public function get_http_feature_policy_property() {
// Set HTTP feature policy attribute
$h5p_http_feature_policy_list = apply_filters( 'h5p_h5p_http_feature_policy', defined( 'H5P_HTTP_FEATURE_POLICY' ) && H5P_HTTP_FEATURE_POLICY ? H5P_HTTP_FEATURE_POLICY : self::$h5p_http_feature_policy );

array_walk(
$h5p_http_feature_policy_list,
function( &$feature_policy_value, $feature_policy_name ) {
$feature_policy_value = $feature_policy_name . ' \'' . $feature_policy_value . '\'';
}
);

return is_array( $h5p_http_feature_policy_list ) && 0 === count( $h5p_http_feature_policy_list ) ? '' : 'allow="' . implode( ';', $h5p_http_feature_policy_list ) . '"';
}

/**
* Get settings for given content
*
@@ -969,13 +1005,15 @@ public function get_content_settings($content) {
: ''
);

$h5p_http_feature_policy = $this->get_http_feature_policy_property();

// Add JavaScript settings for this content
$settings = array(
'library' => H5PCore::libraryToString($content['library']),
'jsonContent' => $safe_parameters,
'fullScreen' => $content['library']['fullscreen'],
'exportUrl' => get_option('h5p_export', TRUE) ? $this->get_h5p_url() . '/exports/' . ($content['slug'] ? $content['slug'] . '-' : '') . $content['id'] . '.h5p' : '',
'embedCode' => '<iframe src="' . admin_url('admin-ajax.php?action=h5p_embed&id=' . $content['id']) . '" width=":w" height=":h" frameborder="0" allowfullscreen="allowfullscreen" title="' . $title . '"></iframe>',
'embedCode' => '<iframe src="' . admin_url('admin-ajax.php?action=h5p_embed&id=' . $content['id']) . '" width=":w" height=":h" frameborder="0" allowfullscreen="allowfullscreen" title="' . $title . '"' . ' ' . $h5p_http_feature_policy . '></iframe>',
'resizeCode' => '<script src="' . plugins_url('h5p/h5p-php-library/js/h5p-resizer.js') . '" charset="UTF-8"></script>',
'url' => admin_url('admin-ajax.php?action=h5p_embed&id=' . $content['id']),
'title' => $content['title'],
@@ -1051,13 +1089,16 @@ public function add_assets($content, $no_cache = FALSE) {
$h5p_content_wrapper = '<div class="h5p-content" data-content-id="' . $content['id'] . '"></div>';
}
else {
$h5p_http_feature_policy = $this->get_http_feature_policy_property();

$title = isset($content['metadata']['a11yTitle'])
? $content['metadata']['a11yTitle']
: (isset($content['metadata']['title'])
? $content['metadata']['title']
: ''
);
$h5p_content_wrapper = '<div class="h5p-iframe-wrapper"><iframe id="h5p-iframe-' . $content['id'] . '" class="h5p-iframe" data-content-id="' . $content['id'] . '" style="height:1px" src="about:blank" frameBorder="0" scrolling="no" title="' . $title . '"></iframe></div>';

$h5p_content_wrapper = '<div class="h5p-iframe-wrapper"><iframe id="h5p-iframe-' . $content['id'] . '" class="h5p-iframe" data-content-id="' . $content['id'] . '" style="height:1px" src="about:blank" frameBorder="0" scrolling="no" title="' . $title . '"' . ' ' . $h5p_http_feature_policy . '></iframe></div>';
}

return apply_filters('print_h5p_content', $h5p_content_wrapper, $content);
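Review bot: In `get_http_feature_policy_property()` every allowlist value is wrapped in single quotes, so the defaults render as `camera '*'`; in the iframe `allow` syntax only keywords such as `'self'`, `'src'` and `'none'` are quoted, while `*` and origins are written bare, so the quoted wildcard is unlikely to be parsed the way the defaults intend. Emitting the value as given, `$feature_policy_value = $feature_policy_name . ' ' . $feature_policy_value;`, and letting callers quote keywords themselves would fix that. The `is_array()` test sits after `array_walk()` and still lets a non-array reach `implode()`, so an early `if ( ! is_array( $h5p_http_feature_policy_list ) ) { return ''; }` plus `esc_attr()` around the imploded string would make the filtered value safe to concatenate into both iframe tags. Once the wildcard does parse, `*` on `camera`, `microphone` and `geolocation` delegates those features to any origin loaded in the frame, including in the copy-paste `embedCode`, so a narrower default with sites opting in through the filter is worth considering. The docblock on `$h5p_http_feature_policy` should also read `@var array` rather than `@var string`.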