Contrib.social

Fix X-Frame-Options sameorigin preventing embeds

Open on Drupal.org β†’
Created on 12 February 2024, 4 months ago

Problem/Motivation

Embedding H5P content on a website with a different domain results in an error caused by the X-Frame-Options being set to 'sameorigin'.

Steps to reproduce

Try to embed an H5P in a website with a different domain.

Proposed resolution

Apply the attached patch which removes the X-Frame-Origin header for the h5p.content.embed route.

Remaining tasks

Review and apply the attached patch.

πŸ› Bug report
Status

Needs review

Version

2.0

Component

Code

Created by

πŸ‡¨πŸ‡¦Canada ShaunDychko

Live updates comments and jobs are added and updated live.
Sign in to follow issues

Comments & Activities

contrib.social Blog FAQ Discussions
Production build 0.69.0 2024