# apostrophe-oembed
# Inherits from: apostrophe-module
# apos.oembed
The oembed module provides an oembed query service for embedding
third-party website content, such as YouTube videos. The service includes
enhancements and substitutes for several services that do not support
oembed or do not support it well, and it is possible to add more by
extending the enhanceOembetter method. The server-side
code provides a query route with caching. The browser-side code
provides methods to make a query, and also to make a query and then immediately
display the result.
Also see the oembetter (opens new window) npm module and the oembed (opens new window) documentation.
Sites to be embedded need to be added to the safeList, to avoid XSS attacks. Many
widely trusted sites are already on the list. This is troue even when
falling back to Open Graph, because of port scanning risks.
Your safeList option is concatenated with oembetter's standard
list, plus wufoo.com, infogr.am, and slideshare.net.
The option name allowlist is also permitted for consistency with oembetter
and other tools.
Your endpoints option is concatenated with oembetter's standard
endpoints list.
# Methods
# query(req, url, options, mainCallback) [api]
This method fetches the specified URL, determines its best embedded
representation via oembetter, and on success invokes its callback with null
and an object containing the oembed API response from the service provider.
If oembetter has no luck, open graph is used as a fallback,
unless options.neverOpenGraph is set.
If options.alwaysIframe is true, the result is a simple
iframe of the URL. If options.iframeHeight is set, the iframe
has that height in pixels, otherwise it is left to CSS.
The options object is passed on to oembetter.fetch.
Responses are automatically cached, by default for one hour. See the cacheLifetime option to the module.
# openGraph(req, url, callback) [api]
Given a URL, return a nice oembed response for it
based on its Open Graph tags, or the best we can
fake, based on the HTML markup of the page. Called
for you by self.query if oembetter is unsuccessful.
# iframe(req, url, options, callback) [api]
Given a URL, return an oembed response for it which just iframes the URL given. Fetches the page first to get the title property.
If options.iframeHeight is set, use that # of pixels, otherwise do not specify & let CSS do it.
Called by self.query if the alwaysIframe option
is true.
# afterScriptLoads(script, beforeId, scriptId, then) [api]
Returns browser-side javascript to load a given
cross-domain js file dynamically and then run
the javascript code in the then string argument.
script should be a URL pointing to the third-party
js file and may start with // to autoselect
http or https depending on how the page was loaded.
You may supply an id attribute for the script tag. Some services rely on these (infogr.am).
You may also supply the ID of an element that the script should be inserted immediately before. Some services try to infer how they should behave from the context the script tag is in (infogr.am).
This code was inspired by the wufoo embed code and
is used to dynamically load wufoo and other services
that use js-based embed codes. See the oembetter
filter in wufoo.js.
# pushAssets() [browser]
Push assets to the browser. Called by afterConstruct.
# pushCreateSingleton() [browser]
Create the browser-side apos.oembed singleton, enabling
calls to apos.oembed.query and apos.oembed.queryAndPlay.
Called by afterConstruct.
# pushCreateSingleton()
Create the browser-side object apos.oembed for convenient oembed queries
and display of oembed responses. Called by afterConstruct.
# createOembetter()
Creates an instance of the oembetter module and adds the standard allowlist.
Called by afterConstruct.
# enhanceOembetter()
Enhances oembetter to support services better or to support services
that have no oembed support by default. Called by afterConstruct.
Extend this method to add additional oembetter filters.
# createRoutes()
Add oembed query API routes. Called by afterConstruct.
# API Routes
# GET /modules/apostrophe-oembed/query
Simple API to self.query, with caching. Accepts url and alwaysIframe parameters; alwaysIframe is assumed false if not provided. The response is a JSON object as returned by apos.oembed.