Skip to content

Commit

Permalink
[!!!][TASK] Use no-cookie domain for youtube by default
Browse files Browse the repository at this point in the history 
Improve the privacy of users by using the no-cookie domain of youtube
by default and just use youtube.com if explicitly set.

Resolves: #84843
Releases: master, 8.7, 7.6
Change-Id: I01472f93e32c2011b5494c4670d07f29348016c3
Reviewed-on: https://review.typo3.org/56880
Tested-by: TYPO3com <no-reply@typo3.com>
Reviewed-by: Frank Naegler <frank.naegler@typo3.org>
Tested-by: Frank Naegler <frank.naegler@typo3.org>
Reviewed-by: Markus Klein <markus.klein@typo3.org>
Tested-by: Markus Klein <markus.klein@typo3.org>
Reviewed-by: Jan Helke <typo3@helke.de>
Tested-by: Jan Helke <typo3@helke.de>
Reviewed-by: Frans Saris <franssaris@gmail.com>
Reviewed-by: Daniel Sattler <sattler@b13.de>
Tested-by: Daniel Sattler <sattler@b13.de>
Reviewed-by: Benni Mack <benni@typo3.org>
Tested-by: Benni Mack <benni@typo3.org>
Reviewed-by: Guido Schmechel <guido.schmechel@brandung.de>
Tested-by: Guido Schmechel <guido.schmechel@brandung.de>
  • Loading branch information
@georgringer @liayn
georgringer authored and liayn committed May 9, 2018
1 parent 6907f9a commit b97ba81
Show file tree
Hide file tree
Showing 5 changed files with 92 additions and 26 deletions.
2 changes: 1 addition & 1 deletion typo3/sysext/core/Classes/Resource/Rendering/YouTubeRenderer.php
View file
Expand Up @@ -127,7 +127,7 @@ public function render(FileInterface $file, $width, $height, array $options = nu

$src = sprintf(
'https://www.youtube%s.com/embed/%s?%s',
!empty($options['no-cookie']) ? '-nocookie' : '',
!isset($options['no-cookie']) || !empty($options['no-cookie']) ? '-nocookie' : '',
$videoId,
implode('&amp;', $urlParams)
);
Expand Down
49 changes: 49 additions & 0 deletions ...tation/Changelog/7.6.x/Breaking-84843-UseNo-cookieDomainForYoutubeByDefault.rst
View file
@@ -0,0 +1,49 @@
.. include:: ../../Includes.txt

==============================================================
Breaking: #84843 - Use no-cookie domain for youtube by default
==============================================================

See :issue:`84843`

Description
===========

To improve the privacy of users the renderer for YouTube videos has been changed to use
the no-cookie domain `www.youtube-nocookie.com` by default. The regular domain `www.youtube.com`
is used if explicitly set by the following TypoScript configuration:

.. code-block:: typoscript
lib.contentElement {
settings {
media {
additionalConfig {
no-cookie = 0
}
}
}
}
Impact
======

The TypoScript configuration :ts:`lib.contentElement.settings.media.additionalConfig` is used
as attribute :php:`additionalConfig` of the ViewHelper :php:`\TYPO3\CMS\Fluid\ViewHelpers\MediaViewHelper`.

If no configuration is provided, the domain `www.youtube-nocookie.com` is used.


Affected Installations
======================

Installations which require the usage of the domain `www.youtube.com` or setting cookies by YouTube.


Migration
=========

Use the TypoScript configuration :ts:`lib.contentElement.settings.media.additionalConfig.no-cookie = 0`

.. index:: TypoScript, ext:fluid_styled_content
62 changes: 38 additions & 24 deletions typo3/sysext/core/Tests/Unit/Resource/Rendering/YouTubeRendererTest.php
View file
Expand Up @@ -95,7 +95,7 @@ public function renderOutputWithLoopIsCorrect()
$fileResourceMock = $this->createMock(File::class);

$this->assertSame(
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=2&amp;loop=1&amp;playlist=7331&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=2&amp;loop=1&amp;playlist=7331&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
$this->subject->render($fileResourceMock, '300m', '200', ['controls' => 2, 'loop' => 1])
);
}
Expand All @@ -109,7 +109,7 @@ public function renderOutputWithAutoplayIsCorrect()
$fileResourceMock = $this->createMock(File::class);

$this->assertSame(
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=2&amp;autoplay=1&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=2&amp;autoplay=1&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
$this->subject->render($fileResourceMock, '300m', '200', ['controls' => 2, 'autoplay' => 1])
);
}
Expand All @@ -128,7 +128,7 @@ public function renderOutputWithAutoplayFromFileReferenceIsCorrect()
$fileReferenceMock->expects($this->any())->method('getOriginalFile')->willReturn($fileResourceMock);

$this->assertSame(
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=2&amp;autoplay=1&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=2&amp;autoplay=1&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
$this->subject->render($fileReferenceMock, '300m', '200', ['controls' => 2])
);
}
Expand All @@ -142,7 +142,7 @@ public function renderOutputWithAutoplayAndWithoutControlsIsCorrect()
$fileResourceMock = $this->createMock(File::class);

$this->assertSame(
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=0&amp;autoplay=1&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=0&amp;autoplay=1&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
$this->subject->render($fileResourceMock, '300m', '200', ['controls' => 0, 'autoplay' => 1])
);
}
Expand All @@ -151,67 +151,67 @@ public function renderOutputWithControlsDataProvider()
{
return [
'no options given' => [
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=2&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=2&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
null
],
'with option controls = foo as invalid string' => [
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=2&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=2&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
['controls' => 'foo']
],
'with option controls = true as string' => [
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=2&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=2&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
['controls' => 'true']
],
'with option controls = false as string' => [
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=2&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=2&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
['controls' => 'false']
],
'with option controls = true as boolean' => [
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=1&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=1&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
['controls' => true]
],
'with option controls = false as boolean' => [
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=2&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=2&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
['controls' => false]
],
'with option controls = 0 as string' => [
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=0&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=0&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
['controls' => '0']
],
'with option controls = 1 as string' => [
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=1&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=1&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
['controls' => '1']
],
'with option controls = 2 as string' => [
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=2&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=2&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
['controls' => '2']
],
'with option controls = 3 as string' => [
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=2&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=2&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
['controls' => '3']
],
'with option controls = negative number as string' => [
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=0&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=0&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
['controls' => '-42']
],
'with option controls = 0 as int' => [
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=0&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=0&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
['controls' => 0]
],
'with option controls = 1 as int' => [
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=1&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=1&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
['controls' => 1]
],
'with option controls = 2 as int' => [
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=2&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=2&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
['controls' => 2]
],
'with option controls = 3 as int' => [
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=2&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=2&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
['controls' => 3]
],
'with option controls = negative number as int' => [
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=0&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=0&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
['controls' => -42]
],
];
Expand Down Expand Up @@ -241,7 +241,7 @@ public function renderOutputWithRelatedVideosTurnedOffIsCorrect()
$fileResourceMock = $this->createMock(File::class);

$this->assertSame(
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=2&amp;rel=0&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=2&amp;rel=0&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
$this->subject->render($fileResourceMock, '300m', '200', ['controls' => 2, 'relatedVideos' => 0])
);
}
Expand All @@ -255,7 +255,7 @@ public function renderOutputWithAdditionalAttributes()
$fileResourceMock = $this->createMock(File::class);

$this->assertSame(
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=0&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen foo="bar" custom-play="preload" width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=0&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen foo="bar" custom-play="preload" width="300" height="200"></iframe>',
$this->subject->render($fileResourceMock, '300m', '200', ['controls' => 0, 'additionalAttributes' => ['foo' => 'bar', 'custom-play' => 'preload']])
);
}
Expand All @@ -269,7 +269,7 @@ public function renderOutputWithDataAttributesForCustomization()
$fileResourceMock = $this->createMock(File::class);

$this->assertSame(
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=0&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen data-player-handler="youTube" data-custom-playerId="player-123" width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=0&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen data-player-handler="youTube" data-custom-playerId="player-123" width="300" height="200"></iframe>',
$this->subject->render($fileResourceMock, '300m', '200', ['controls' => 0, 'data' => ['player-handler' => 'youTube', 'custom-playerId' => 'player-123']])
);
}
Expand All @@ -283,8 +283,22 @@ public function renderOutputWithCombinationOfDataAndAdditionalAttributes()
$fileResourceMock = $this->createMock(File::class);

$this->assertSame(
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=0&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen foo="bar" custom-play="preload" data-player-handler="youTube" data-custom-playerId="player-123" width="300" height="200"></iframe>',
'<iframe src="https://www.youtube-nocookie.com/embed/7331?autohide=1&amp;controls=0&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen foo="bar" custom-play="preload" data-player-handler="youTube" data-custom-playerId="player-123" width="300" height="200"></iframe>',
$this->subject->render($fileResourceMock, '300m', '200', ['controls' => 0, 'data' => ['player-handler' => 'youTube', 'custom-playerId' => 'player-123'], 'additionalAttributes' => ['foo' => 'bar', 'custom-play' => 'preload']])
);
}

/**
* @test
*/
public function renderOutputWithDisabledNoCookieIsCorrect()
{
/** @var File|\PHPUnit_Framework_MockObject_MockObject $fileResourceMock */
$fileResourceMock = $this->createMock(File::class);

$this->assertSame(
'<iframe src="https://www.youtube.com/embed/7331?autohide=1&amp;controls=0&amp;enablejsapi=1&amp;origin=http%3A%2F%2Ftest.server.org&amp;showinfo=0" allowfullscreen width="300" height="200"></iframe>',
$this->subject->render($fileResourceMock, '300m', '200', ['controls' => 0, 'no-cookie' => 0])
);
}
}
3 changes: 3 additions & 0 deletions typo3/sysext/fluid_styled_content/Configuration/TypoScript/Helper/ContentElement.txt
View file
Expand Up @@ -32,6 +32,9 @@ lib.contentElement {
directImageLink = {$styles.content.textmedia.linkWrap.lightboxEnabled}
linkParams.ATagParams.dataWrap = class="{$styles.content.textmedia.linkWrap.lightboxCssClass}" rel="{$styles.content.textmedia.linkWrap.lightboxRelAttribute}"
}
additionalConfig {
no-cookie = 1
}
}
}
}
2 changes: 1 addition & 1 deletion typo3/sysext/fluid_styled_content/Resources/Private/Partials/Media/Rendering/Video.html
View file
@@ -1,3 +1,3 @@
<html xmlns:f="http://typo3.org/ns/TYPO3/CMS/Fluid/ViewHelpers" data-namespace-typo3-fluid="true">
<f:media class="video-embed-item" file="{file}" width="{dimensions.width}" height="{dimensions.height}" alt="{file.alternative}" title="{file.title}" />
<f:media class="video-embed-item" file="{file}" width="{dimensions.width}" height="{dimensions.height}" alt="{file.alternative}" title="{file.title}" additionalConfig="{settings.media.additionalConfig}" />
</html>

0 comments on commit b97ba81

Please sign in to comment.