From 4f1bfd7eeadf14d2f3801154c20ed03ab92acb79 Mon Sep 17 00:00:00 2001 From: Ruxton Date: Mon, 29 Apr 2013 15:11:05 +0800 Subject: [PATCH] oembed_providers.yml added for custom (outside of ruby-oembed) oEmbed providers. --- Changelog.md | 2 ++ config/initializers/oembed.rb | 30 ++++++++++++------------------ config/load_config.rb | 2 +- config/oembed_providers.yml | 19 +++++++++++++++++++ 4 files changed, 34 insertions(+), 19 deletions(-) create mode 100644 config/oembed_providers.yml diff --git a/Changelog.md b/Changelog.md index bc4d2a5f3..213f674ae 100644 --- a/Changelog.md +++ b/Changelog.md @@ -108,6 +108,7 @@ everything is set up. * Attempt to stabilize federation of attached photos (fix [#3033](https://github.com/diaspora/diaspora/issues/3033) [#3940](https://github.com/diaspora/diaspora/pull/3940) * Refactor develop install script [#4111](https://github.com/diaspora/diaspora/pull/4111) * Remove special hacks for supporting Ruby 1.8 [#4113] (https://github.com/diaspora/diaspora/pull/4139) +* Moved custom oEmbed providers to config/oembed_providers.yml [#4131](https://github.com/diaspora/diaspora/pull/4131) ## Bug fixes @@ -151,6 +152,7 @@ everything is set up. * Add shortcut key Shift to submit comments and publish posts. [#4096](https://github.com/diaspora/diaspora/pull/4096) * Show the service username in a tooltip next to the publisher icons [#4126](https://github.com/diaspora/diaspora/pull/4126) * Ability to add location when creating a post [#3803](https://github.com/diaspora/diaspora/pull/3803) +* Added oEmbed provider for MixCloud. [#4131](https://github.com/diaspora/diaspora/pull/4131) # 0.0.3.4 diff --git a/config/initializers/oembed.rb b/config/initializers/oembed.rb index 329163d79..e7d98d648 100644 --- a/config/initializers/oembed.rb +++ b/config/initializers/oembed.rb @@ -7,18 +7,6 @@ require 'uri' # note that 'trusted_endpoint_url' is the only information # in OEmbed that we can trust. anything else may be spoofed! -OEmbedCubbies = OEmbed::Provider.new("http://cubbi.es/oembed") - -OEmbedDailyMotion = OEmbed::Provider.new("http://www.dailymotion.com/services/oembed") -OEmbedDailyMotion << "http://www.dailymotion.com/video/*" - -OEmbedTwitter = OEmbed::Provider.new("https://api.twitter.com/1/statuses/oembed.json") -OEmbedTwitter << "http://twitter.com/*/status/*" -OEmbedTwitter << "https://twitter.com/*/status/*" - -OEmbedMixCloud = OEmbed::Provider.new("http://www.mixcloud.com/oembed/") -OEmbedMixCloud << "http://www.mixcloud.com/*/*" - # patch in support for new https soundcloud OEmbed::Providers::SoundCloud << "https://*.soundcloud.com/*" @@ -27,13 +15,19 @@ oembed_provider_list = [ OEmbed::Providers::Vimeo, OEmbed::Providers::SoundCloud, OEmbed::Providers::Instagram, - OEmbed::Providers::Flickr, - OEmbedCubbies, - OEmbedDailyMotion, - OEmbedTwitter, - OEmbedMixCloud + OEmbed::Providers::Flickr ] +oembed_providers = YAML.load_file(Rails.root.join("config", "oembed_providers.yml")) + +oembed_providers.each do |provider_name, provider| + oembed_provider = OEmbed::Provider.new(provider["endpoint"]) + provider["urls"].each do |provider_url| + oembed_provider << provider_url + end if provider["urls"] + oembed_provider_list << oembed_provider +end + SECURE_ENDPOINTS = oembed_provider_list.map do |provider| OEmbed::Providers.register(provider) provider.endpoint @@ -41,4 +35,4 @@ end OEmbed::Providers.register_fallback(OEmbed::ProviderDiscovery) -TRUSTED_OEMBED_PROVIDERS = OEmbed::Providers +TRUSTED_OEMBED_PROVIDERS = OEmbed::Providers \ No newline at end of file diff --git a/config/load_config.rb b/config/load_config.rb index e9fa0d92a..f7f060ccb 100644 --- a/config/load_config.rb +++ b/config/load_config.rb @@ -37,7 +37,7 @@ AppConfig ||= Configurate::Settings.create do add_provider Configurate::Provider::YAML, config_dir.join("defaults.yml"), namespace: "defaults" - + extend Configuration::Methods if rails_env == "production" && diff --git a/config/oembed_providers.yml b/config/oembed_providers.yml new file mode 100644 index 000000000..1c3970820 --- /dev/null +++ b/config/oembed_providers.yml @@ -0,0 +1,19 @@ +# SECURITY NOTICE! CROSS-SITE SCRIPTING! +# these endpoints may inject html code into our page +# note that 'endpoint' is the only information +# in OEmbed that we can trust. anything else may be spoofed! +daily_motion: + endpoint: "http://www.dailymotion.com/services/oembed" + urls: + - http://www.dailymotion.com/video/* + +twitter: + endpoint: "https://api.twitter.com/1/statuses/oembed.json" + urls: + - http://twitter.com/*/status/* + - https://twitter.com/*/status/* + +mixcloud: + endpoint: "http://www.mixcloud.com/oembed/" + urls: + - http://www.mixcloud.com/*/* \ No newline at end of file