Contrib.social

Fix X-Frame-Options sameorigin preventing embeds

Open on Drupal.org →
Created on 12 February 2024, 10 months ago

Problem/Motivation

Embedding H5P content on a website with a different domain results in an error caused by the X-Frame-Options being set to 'sameorigin'.

Steps to reproduce

Try to embed an H5P in a website with a different domain.

Proposed resolution

Apply the attached patch which removes the X-Frame-Origin header for the h5p.content.embed route.

Remaining tasks

Review and apply the attached patch.

🐛 Bug report
Status

Needs review

Version

2.0

Component

Code

Created by

🇨🇦Canada shaundychko

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.71.5 2024