FEATURE: Additional control of iframes in oneboxes (#10523)

This commit adds a new site setting "allowed_onebox_iframes". By default, all onebox iframes are allowed. When the list of domains is restricted, Onebox will automatically skip engines which require those domains, and use a fallback engine.
2025-02-25 18:55:32 -06:00 · 2020-08-27 20:12:13 +01:00
parent c172f2068d
commit a3577435f7
7 changed files with 84 additions and 48 deletions
--- a/lib/onebox/engine/allowlisted_generic_onebox.rb
+++ b/lib/onebox/engine/allowlisted_generic_onebox.rb
@@ -16,24 +16,6 @@ module Onebox
        Float::INFINITY
      end

-      private
-
-      # overwrite to allowlist iframes
-      def is_embedded?
-        return false unless data[:html] && data[:height]
-        return true if AllowlistedGenericOnebox.html_providers.include?(data[:provider_name])
-
-        if data[:html]["iframe"]
-          fragment = Nokogiri::HTML5::fragment(data[:html])
-          if iframe = fragment.at_css("iframe")
-            src = iframe["src"]
-            return src.present? && SiteSetting.allowed_iframes.split("|").any? { |url| src.start_with?(url) }
-          end
-        end
-
-        false
-      end
-
    end
  end
 end