From abeed7ab67d5300e091b770438d0c5c6ac1d5f66 Mon Sep 17 00:00:00 2001
From: Ayke Halder <mail@ayke-halder.de>
Date: Wed, 5 Apr 2023 15:36:20 +0200
Subject: [PATCH] [BUGFIX] Apply no-cookie for vimeo when setting is missing
Improve the privacy of users by using the no-cookie setting
by default as fallback and set the do not track parameter to 1.
This fix recreates the behaviour already implemented for YouTube
embedded media to also apply for Vimeo embedded media:
If the setting 'no-cookie' is not set at all then use the
'no-cookie' url anyway.
Resolves: #100466
Releases: main, 11.5
Change-Id: I37e23f6220696591c2eb7d58dd8932d9b766a491
Reviewed-on: https://review.typo3.org/c/Packages/TYPO3.CMS/+/78572
Tested-by: core-ci <typo3@b13.com>
Tested-by: Georg Ringer <georg.ringer@gmail.com>
Reviewed-by: Georg Ringer <georg.ringer@gmail.com>
---
.../Resource/Rendering/VimeoRenderer.php | 2 +-
.../Resource/Rendering/VimeoRendererTest.php | 41 ++++++++++++-------
2 files changed, 28 insertions(+), 15 deletions(-)
diff --git a/typo3/sysext/core/Classes/Resource/Rendering/VimeoRenderer.php b/typo3/sysext/core/Classes/Resource/Rendering/VimeoRenderer.php
index ca6bc9f8a995..d893fd2355d8 100644
--- a/typo3/sysext/core/Classes/Resource/Rendering/VimeoRenderer.php
+++ b/typo3/sysext/core/Classes/Resource/Rendering/VimeoRenderer.php
@@ -148,7 +148,7 @@ class VimeoRenderer implements FileRendererInterface
if (isset($options['api']) && (int)$options['api'] === 1) {
$urlParams[] = 'api=1';
}
- if (!empty($options['no-cookie'])) {
+ if (!isset($options['no-cookie']) || !empty($options['no-cookie'])) {
$urlParams[] = 'dnt=1';
}
$urlParams[] = 'title=' . (int)!empty($options['showinfo']);
diff --git a/typo3/sysext/core/Tests/Unit/Resource/Rendering/VimeoRendererTest.php b/typo3/sysext/core/Tests/Unit/Resource/Rendering/VimeoRendererTest.php
index 44f47df458db..707ce11b636f 100644
--- a/typo3/sysext/core/Tests/Unit/Resource/Rendering/VimeoRendererTest.php
+++ b/typo3/sysext/core/Tests/Unit/Resource/Rendering/VimeoRendererTest.php
@@ -91,7 +91,7 @@ class VimeoRendererTest extends UnitTestCase
$fileResourceMock = $this->createMock(File::class);
self::assertSame(
- '<iframe src="https://player.vimeo.com/video/7331?title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="fullscreen"></iframe>',
+ '<iframe src="https://player.vimeo.com/video/7331?dnt=1&title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="fullscreen"></iframe>',
$this->subject->render($fileResourceMock, '300m', '200')
);
}
@@ -104,7 +104,7 @@ class VimeoRendererTest extends UnitTestCase
$fileResourceMock = $this->createMock(File::class);
self::assertSame(
- '<iframe src="https://player.vimeo.com/video/7331?loop=1&title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="fullscreen"></iframe>',
+ '<iframe src="https://player.vimeo.com/video/7331?loop=1&dnt=1&title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="fullscreen"></iframe>',
$this->subject->render($fileResourceMock, '300m', '200', ['loop' => 1])
);
}
@@ -117,7 +117,7 @@ class VimeoRendererTest extends UnitTestCase
$fileResourceMock = $this->createMock(File::class);
self::assertSame(
- '<iframe src="https://player.vimeo.com/video/7331?autoplay=1&muted=1&title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="autoplay; fullscreen"></iframe>',
+ '<iframe src="https://player.vimeo.com/video/7331?autoplay=1&muted=1&dnt=1&title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="autoplay; fullscreen"></iframe>',
$this->subject->render($fileResourceMock, '300m', '200', ['autoplay' => 1])
);
}
@@ -134,7 +134,7 @@ class VimeoRendererTest extends UnitTestCase
$fileReferenceMock->method('getOriginalFile')->willReturn($fileResourceMock);
self::assertSame(
- '<iframe src="https://player.vimeo.com/video/7331?autoplay=1&muted=1&title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="autoplay; fullscreen"></iframe>',
+ '<iframe src="https://player.vimeo.com/video/7331?autoplay=1&muted=1&dnt=1&title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="autoplay; fullscreen"></iframe>',
$this->subject->render($fileReferenceMock, '300m', '200')
);
}
@@ -147,7 +147,7 @@ class VimeoRendererTest extends UnitTestCase
$fileResourceMock = $this->createMock(File::class);
self::assertSame(
- '<iframe src="https://player.vimeo.com/video/7331?autoplay=1&muted=1&title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="autoplay; fullscreen"></iframe>',
+ '<iframe src="https://player.vimeo.com/video/7331?autoplay=1&muted=1&dnt=1&title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="autoplay; fullscreen"></iframe>',
$this->subject->render($fileResourceMock, '300m', '200', ['autoplay' => 1])
);
}
@@ -160,7 +160,7 @@ class VimeoRendererTest extends UnitTestCase
$fileResourceMock = $this->createMock(File::class);
self::assertSame(
- '<iframe src="https://player.vimeo.com/video/7331?title=0&byline=0&portrait=0" allowfullscreen foo="bar" custom-play="preload" sanitizetest="<>"'test" width="300" height="200" allow="fullscreen"></iframe>',
+ '<iframe src="https://player.vimeo.com/video/7331?dnt=1&title=0&byline=0&portrait=0" allowfullscreen foo="bar" custom-play="preload" sanitizetest="<>"'test" width="300" height="200" allow="fullscreen"></iframe>',
$this->subject->render($fileResourceMock, '300m', '200', ['additionalAttributes' => ['foo' => 'bar', 'custom-play' => 'preload', '<"\'>sanitize^&test' => '<>"\'test']])
);
}
@@ -173,7 +173,7 @@ class VimeoRendererTest extends UnitTestCase
$fileResourceMock = $this->createMock(File::class);
self::assertSame(
- '<iframe src="https://player.vimeo.com/video/7331?title=0&byline=0&portrait=0" allowfullscreen data-player-handler="vimeo" data-custom-playerId="player-123" data-sanitizetest="test" width="300" height="200" allow="fullscreen"></iframe>',
+ '<iframe src="https://player.vimeo.com/video/7331?dnt=1&title=0&byline=0&portrait=0" allowfullscreen data-player-handler="vimeo" data-custom-playerId="player-123" data-sanitizetest="test" width="300" height="200" allow="fullscreen"></iframe>',
$this->subject->render($fileResourceMock, '300m', '200', ['data' => ['player-handler' => 'vimeo', 'custom-playerId' => 'player-123', '*sanitize&test"' => 'test']])
);
}
@@ -186,7 +186,7 @@ class VimeoRendererTest extends UnitTestCase
$fileResourceMock = $this->createMock(File::class);
self::assertSame(
- '<iframe src="https://player.vimeo.com/video/7331?title=0&byline=0&portrait=0" allowfullscreen foo="bar" custom-play="preload" data-player-handler="vimeo" data-custom-playerId="player-123" width="300" height="200" allow="fullscreen"></iframe>',
+ '<iframe src="https://player.vimeo.com/video/7331?dnt=1&title=0&byline=0&portrait=0" allowfullscreen foo="bar" custom-play="preload" data-player-handler="vimeo" data-custom-playerId="player-123" width="300" height="200" allow="fullscreen"></iframe>',
$this->subject->render($fileResourceMock, '300m', '200', ['data' => ['player-handler' => 'vimeo', 'custom-playerId' => 'player-123'], 'additionalAttributes' => ['foo' => 'bar', 'custom-play' => 'preload']])
);
}
@@ -199,7 +199,7 @@ class VimeoRendererTest extends UnitTestCase
$fileResourceMock = $this->createMock(File::class);
self::assertSame(
- '<iframe src="https://player.vimeo.com/video/7331?title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="foo; bar"></iframe>',
+ '<iframe src="https://player.vimeo.com/video/7331?dnt=1&title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="foo; bar"></iframe>',
$this->subject->render($fileResourceMock, '300m', '200', ['allow' => 'foo; bar'])
);
}
@@ -212,7 +212,7 @@ class VimeoRendererTest extends UnitTestCase
$fileResourceMock = $this->createMock(File::class);
self::assertSame(
- '<iframe src="https://player.vimeo.com/video/7331?autoplay=1&muted=1&title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="foo; bar"></iframe>',
+ '<iframe src="https://player.vimeo.com/video/7331?autoplay=1&muted=1&dnt=1&title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="foo; bar"></iframe>',
$this->subject->render($fileResourceMock, '300m', '200', ['allow' => 'foo; bar', 'autoplay' => 1])
);
}
@@ -231,7 +231,7 @@ class VimeoRendererTest extends UnitTestCase
$fileResourceMock = $this->createMock(File::class);
self::assertSame(
- '<iframe src="https://player.vimeo.com/video/7331/private0123?title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="fullscreen"></iframe>',
+ '<iframe src="https://player.vimeo.com/video/7331/private0123?dnt=1&title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="fullscreen"></iframe>',
$subject->render($fileResourceMock, '300m', '200')
);
}
@@ -250,7 +250,7 @@ class VimeoRendererTest extends UnitTestCase
$fileResourceMock = $this->createMock(File::class);
self::assertSame(
- '<iframe src="https://player.vimeo.com/video/7331<script>danger</script>'"random"quotes;?title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="fullscreen"></iframe>',
+ '<iframe src="https://player.vimeo.com/video/7331<script>danger</script>'"random"quotes;?dnt=1&title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="fullscreen"></iframe>',
$subject->render($fileResourceMock, '300m', '200')
);
}
@@ -263,7 +263,7 @@ class VimeoRendererTest extends UnitTestCase
$fileResourceMock = $this->createMock(File::class);
self::assertSame(
- '<iframe src="https://player.vimeo.com/video/7331?api=1&title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="fullscreen"></iframe>',
+ '<iframe src="https://player.vimeo.com/video/7331?api=1&dnt=1&title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="fullscreen"></iframe>',
$this->subject->render($fileResourceMock, '300m', '200', ['api' => 1])
);
}
@@ -271,7 +271,7 @@ class VimeoRendererTest extends UnitTestCase
/**
* @test
*/
- public function renderOutputWithDisabledNoCookieIsCorrect(): void
+ public function renderOutputWithEnabledNoCookieIsCorrect(): void
{
$fileResourceMock = $this->createMock(File::class);
@@ -280,4 +280,17 @@ class VimeoRendererTest extends UnitTestCase
$this->subject->render($fileResourceMock, '300m', '200', ['api' => 1, 'no-cookie' => 1])
);
}
+
+ /**
+ * @test
+ */
+ public function renderOutputWithDisabledNoCookieIsCorrect(): void
+ {
+ $fileResourceMock = $this->createMock(File::class);
+
+ self::assertSame(
+ '<iframe src="https://player.vimeo.com/video/7331?api=1&title=0&byline=0&portrait=0" allowfullscreen width="300" height="200" allow="fullscreen"></iframe>',
+ $this->subject->render($fileResourceMock, '300m', '200', ['api' => 1, 'no-cookie' => 0])
+ );
+ }
}
--
GitLab