[wp-trac] [WordPress Trac] #58120: oEmbed Mastodon
WordPress Trac
noreply at wordpress.org
Fri Apr 14 01:46:05 UTC 2023
#58120: oEmbed Mastodon
-----------------------------+------------------------------
Reporter: mediaformat | Owner: (none)
Type: feature request | Status: new
Priority: normal | Milestone: Awaiting Review
Component: Embeds | Version:
Severity: normal | Resolution:
Keywords: | Focuses:
-----------------------------+------------------------------
Comment (by Otto42):
Note that adding `allow-same-origin` to the sandbox will also make the
styling happen correctly.
Also note that to test this properly, you need to clear (or disable) the
oembed cache in the postmeta. The iframe, including the sandbox field, is
stored as post meta for caching reasons.
The reason this works is because, without the ability to
allow-same-origin, the contents of the iframe pass their origin as null.
Therefore, the CORS checks don't pass because the origin doesn't match.
I am uncertain of the security implications for this. Nevertheless, it is
a viable option rather than eliminating sandbox security entirely.
--
Ticket URL: <https://core.trac.wordpress.org/ticket/58120#comment:6>
WordPress Trac <https://core.trac.wordpress.org/>
WordPress publishing platform
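
The mechanism described in the comment above, as an added example that is not part of the original message or of WordPress core: a small model of how the sandbox tokens decide the origin a framed embed presents, how a simplified CORS check then evaluates it, and when combining `allow-scripts` with `allow-same-origin` stops being an effective sandbox. The hostnames, the function names and the sample Access-Control-Allow-Origin values are assumptions made for illustration.

```javascript
// Added example: models the sandbox -> origin -> CORS chain for an embed iframe.
// Hostnames and allow-list values below are constructed, not taken from the ticket.

// Split a sandbox attribute value into its set of lowercase tokens.
function sandboxTokens(attr) {
  return new Set(attr.toLowerCase().split(/\s+/).filter(Boolean));
}

// Origin the framed document sends in its Origin header. Without
// allow-same-origin the document gets an opaque origin, serialized as "null".
function effectiveOrigin(sandboxAttr, frameUrl) {
  return sandboxTokens(sandboxAttr).has('allow-same-origin')
    ? new URL(frameUrl).origin
    : 'null';
}

// Simplified, non-credentialed CORS check: the response's
// Access-Control-Allow-Origin must be "*" or equal the request Origin.
function corsAllows(requestOrigin, allowOriginHeader) {
  if (allowOriginHeader === undefined) return false;
  return allowOriginHeader === '*' || allowOriginHeader === requestOrigin;
}

// Defender's check: allow-scripts plus allow-same-origin still isolates the
// embed only while the framed content is cross-origin to the embedding page;
// same-origin content could script the parent and remove the attribute.
function sandboxIsEffective(sandboxAttr, frameUrl, embedderUrl) {
  const t = sandboxTokens(sandboxAttr);
  const both = t.has('allow-scripts') && t.has('allow-same-origin');
  return !(both && new URL(frameUrl).origin === new URL(embedderUrl).origin);
}

// Combine the three checks for one embed configuration.
function report(sandboxAttr, frameUrl, embedderUrl, allowOriginHeader) {
  const origin = effectiveOrigin(sandboxAttr, frameUrl);
  return {
    origin,
    corsPasses: corsAllows(origin, allowOriginHeader),
    sandboxEffective: sandboxIsEffective(sandboxAttr, frameUrl, embedderUrl),
  };
}

const frame = 'https://mastodon.example/@user/1/embed'; // constructed embed URL
const site = 'https://blog.example/post/';              // constructed embedding page
const acao = 'https://mastodon.example';                // assumed server allow-list
console.log(report('allow-scripts', frame, site, acao));
console.log(report('allow-scripts allow-same-origin', frame, site, acao));
```

A server that answers with `Access-Control-Allow-Origin: *` would accept the `null` origin in this model, so the failure the comment describes applies when the embed's resources are restricted to the instance's own origin.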