Skip to content

Commit

Permalink
FIX oembed to avoid mixed media issues
Browse files Browse the repository at this point in the history
  • Loading branch information
Hamish Friedlander committed Oct 17, 2013
1 parent 7b1cbab commit 8801a50
Show file tree
Hide file tree
Showing 4 changed files with 95 additions and 7 deletions.
20 changes: 14 additions & 6 deletions _config/Oembed.yml
View file
Expand Up @@ -3,9 +3,11 @@ name: Oembed
Oembed:
providers:
'http://*.youtube.com/watch*':
'http://www.youtube.com/oembed/'
http: 'http://www.youtube.com/oembed/',
https: 'https://www.youtube.com/oembed/?scheme=https'
'https://*.youtube.com/watch*':
'https://www.youtube.com/oembed/?scheme=https'
http: 'http://www.youtube.com/oembed/',
https: 'https://www.youtube.com/oembed/?scheme=https'
'http://*.flickr.com/*':
'http://www.flickr.com/services/oembed/'
'http://*.viddler.com/*':
Expand All @@ -15,11 +17,17 @@ Oembed:
'http://*.hulu.com/watch/*':
'http://www.hulu.com/api/oembed.json'
'http://*.vimeo.com/*':
'http://www.vimeo.com/api/oembed.json'
'https://twitter.com/*':
'https://api.twitter.com/1/statuses/oembed.json'
http: 'http://www.vimeo.com/api/oembed.json',
https: 'https://www.vimeo.com/api/oembed.json'
'https://*.vimeo.com/*':
http: 'http://www.vimeo.com/api/oembed.json',
https: 'https://www.vimeo.com/api/oembed.json'
'http://twitter.com/*':
'https://api.twitter.com/1/statuses/oembed.json'
http: 'https://api.twitter.com/1/statuses/oembed.json',
https: 'https://api.twitter.com/1/statuses/oembed.json'
'https://twitter.com/*':
http: 'https://api.twitter.com/1/statuses/oembed.json',
https: 'https://api.twitter.com/1/statuses/oembed.json'
autodiscover:
true
enabled:
Expand Down
15 changes: 14 additions & 1 deletion control/Director.php
View file
Expand Up @@ -42,7 +42,16 @@ class Director implements TemplateGlobalProvider {
* @var array
*/
private static $test_servers = array();


/**
* Setting this explicitly specifies the protocol (http or https) used, overriding
* the normal behaviour of Director::is_https introspecting it from the request
*
* @config
* @var string - "http" or "https" to force the protocol, or false-ish to use default introspection from request
*/
private static $alternate_protocol;

/**
* @config
* @var string
Expand Down Expand Up @@ -458,6 +467,10 @@ public static function protocol() {
* @return boolean
*/
public static function is_https() {
if ($protocol = Config::inst()->get('Director', 'alternate_protocol')) {
return $protocol == 'https';
}

if(isset($_SERVER['HTTP_X_FORWARDED_PROTOCOL'])) {
if(strtolower($_SERVER['HTTP_X_FORWARDED_PROTOCOL']) == 'https') {
return true;
Expand Down
8 changes: 8 additions & 0 deletions oembed/Oembed.php
View file
Expand Up @@ -50,6 +50,13 @@ public static function get_providers() {
protected static function find_endpoint($url) {
foreach(self::get_providers() as $scheme=>$endpoint) {
if(self::matches_scheme($url, $scheme)) {
$protocol = Director::is_https() ? 'https' : 'http';

if (is_array($endpoint)) {
if (array_key_exists($protocol, $endpoint)) $endpoint = $endpoint[$protocol];
else $endpoint = reset($endpoint);
}

return $endpoint;
}
}
Expand All @@ -66,6 +73,7 @@ protected static function find_endpoint($url) {
protected static function matches_scheme($url, $scheme) {
$urlInfo = parse_url($url);
$schemeInfo = parse_url($scheme);

foreach($schemeInfo as $k=>$v) {
if(!array_key_exists($k, $urlInfo)) {
return false;
Expand Down
59 changes: 59 additions & 0 deletions tests/oembed/OembedTest.php
View file
@@ -1,6 +1,16 @@
<?php

class OembedTest extends SapphireTest {
public function setUp() {
parent::setUp();
Config::nest();
}

public function tearDown() {
Config::unnest();
parent::tearDown();
}

public function testGetOembedFromUrl() {
Config::inst()->update('Oembed', 'providers', array(
'http://*.silverstripe.com/watch*'=>'http://www.silverstripe.com/oembed/'
Expand Down Expand Up @@ -37,4 +47,53 @@ public function testGetOembedFromUrl() {
$this->assertEquals($query['maxheight'], 'foo', 'Magically creates maxheight option');
$this->assertEquals($query['maxwidth'], 'bar', 'Magically creates maxwidth option');
}

public function testRequestProtocolReflectedInGetOembedFromUrl() {
Config::inst()->update('Oembed', 'providers', array(
'http://*.silverstripe.com/watch*'=> array(
'http' => 'http://www.silverstripe.com/oembed/',
'https' => 'https://www.silverstripe.com/oembed/?scheme=https',
),
'https://*.silverstripe.com/watch*'=> array(
'http' => 'http://www.silverstripe.com/oembed/',
'https' => 'https://www.silverstripe.com/oembed/?scheme=https',
)
));

Config::inst()->update('Director', 'alternate_protocol', 'http');

foreach(array('http', 'https') as $protocol) {
$url = $protocol.'://www.silverstripe.com/watch12345';
$result = Oembed::get_oembed_from_url($url);

$this->assertInstanceOf('Oembed_Result', $result);
$this->assertEquals($result->getOembedURL(),
'http://www.silverstripe.com/oembed/?format=json&url='.urlencode($url),
'Returns http based URLs when request is over http, regardless of source URL');
}

Config::inst()->update('Director', 'alternate_protocol', 'https');

foreach(array('http', 'https') as $protocol) {
$url = $protocol.'://www.silverstripe.com/watch12345';
$result = Oembed::get_oembed_from_url($url);

$this->assertInstanceOf('Oembed_Result', $result);
$this->assertEquals($result->getOembedURL(),
'https://www.silverstripe.com/oembed/?scheme=https&format=json&url='.urlencode($url),
'Returns https based URLs when request is over https, regardless of source URL');
}

Config::inst()->update('Director', 'alternate_protocol', 'foo');

foreach(array('http', 'https') as $protocol) {
$url = $protocol.'://www.silverstripe.com/watch12345';
$result = Oembed::get_oembed_from_url($url);

$this->assertInstanceOf('Oembed_Result', $result);
$this->assertEquals($result->getOembedURL(),
'http://www.silverstripe.com/oembed/?format=json&url='.urlencode($url),
'When request protocol doesn\'t have specific handler, fall back to first option');
}
}
}

0 comments on commit 8801a50

Please sign in to comment.