Implementation "Embed" Field #304
Looks good to me. Only thing I'm not too happy about is `/embed` as endpoint. I've opened #305 to fix this for all async endpoints.
@xiaohutai CSRF check doesn't need to be implemented, just use what Symfony gives us (https://symfony.com/doc/current/security/csrf.html) (for ajax requests you can also use Nelmio cors bundle)
@bobdenotter I've made it so that you only need to change the base URL once (in the Route annotation). @JarJak I'm not sure what I have to do here. Could you show me how? Maybe it's something we have to do properly for ALL (ajax) requests.
@xiaohutai Sorry you are right, CORS does not prevent CSRF, that's another topic.
I'd recommend starting to use Symfony Forms.
Yes, definitely. Is this route behind the firewall?
I did a
needs tests
Using:
bb238b2 to a5c03bc
@bobdenotter @JarJak
@xiaohutai do you have Chrome installed?
I work on a server (without any browsers). I'm not working locally as I'm on Windows and that always had some issues with WAMP and variants.
The `|e('js')` is needed when there's HTML or quotes in the value. Otherwise, this will break the whole application (blank admin area).
I need a new name, because `Embed` is also the name of the class
0f4e1f3 to f39bb49
Rebased with conflicts fixed.
@xiaohutai you can install Chrome on the server, Kakunin runs it in headless mode
I ninja-fixed the Kakunin tests
@marcingajda could you have a look at the Vue things here?
Fixes #124 till a certain degree.
I made a simple endpoint for getting the oembed information.
Not sure if we want everything that's from Bolt 3 too?
(This may need improvements with regards to UX. Though that may be a thing for a separate issue)
Implemented CSRF check, but maybe needs to be set in a re-usable `before` interceptor/trait? 🤔
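
Added example, not code from this pull request or from Bolt, illustrating the review comment above about `|e('js')`: a value placed unescaped into a single-quoted JavaScript string literal stops parsing as soon as it contains a quote or a newline, while a JS-context escaper keeps the value intact and free of HTML metacharacters. `escapeJs`, `renderLiteral`, `roundTrip`, `isMarkupInert` and the sample values are assumptions made for this illustration; `escapeJs` only approximates the idea of a JS escaping strategy and is not Twig's implementation.

```javascript
// Hypothetical helper (assumption, not Twig's code): keep [A-Za-z0-9,._]
// and emit every other UTF-16 code unit as \uXXXX.
function escapeJs(value) {
  return String(value).replace(/[^A-Za-z0-9,._]/g, (ch) =>
    '\\u' + ch.charCodeAt(0).toString(16).toUpperCase().padStart(4, '0'));
}

// Wrap a rendered value in a single-quoted JS string literal, as a
// server-side template does when handing data to client-side code.
function renderLiteral(value, escape) {
  return "'" + (escape ? escapeJs(value) : String(value)) + "'";
}

// Parse the literal as JavaScript and report whether the value survived.
function roundTrip(value, escape) {
  const literal = renderLiteral(value, escape);
  try {
    const parsed = new Function('return ' + literal + ';')();
    return { ok: parsed === value, literal };
  } catch (err) {
    return { ok: false, literal, error: err.name };
  }
}

// True when nothing between the wrapping quotes can end an HTML attribute,
// open a tag or start an entity, so the literal is also safe inside markup.
function isMarkupInert(literal) {
  return !/[<>"'&]/.test(literal.slice(1, -1));
}

// Constructed sample values of the kind an embed title or HTML snippet holds.
const samples = [
  'Plain title',
  'It\'s a "quoted" title',
  '<iframe src="https://example.org/v/1"></iframe>',
  'line one\nline two',
];

for (const value of samples) {
  const raw = roundTrip(value, false);
  const esc = roundTrip(value, true);
  console.log(JSON.stringify(value),
    '| raw parses:', raw.ok, raw.error || '',
    '| escaped parses:', esc.ok, '| inert in HTML:', isMarkupInert(esc.literal));
}
```

The double-quoted iframe sample parses as a raw JavaScript literal, but its `"` and `<` characters are still live in the surrounding markup, which is why the inertness check is reported separately.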