WordPress.org

Make WordPress Core

Opened 21 months ago

Closed 21 months ago

Last modified 21 months ago

#44281 closed defect (bug) (invalid)

Codepen embeds won't render, lacks "referrer"

Reported by: Joen Owned by:
Milestone: Priority: normal
Severity: minor Version:
Component: Embeds Keywords:
Focuses: Cc:

Description

Steps to reproduce:

  • Paste a codepen into the editor. Such as this: https://codepen.io/joen/pen/oEzYxb
  • Note how it converts to a codepen embed.
  • Click "run pen", or publish first and then click "run pen" on the frontend.

Observe that the embed asks for a "referrer" that apparently isn't present.

Attachments (1)

codepen.png (235.5 KB) - added by Joen 21 months ago.

Download all attachments as: .zip

Change History (6)

@Joen
21 months ago

#1 @Joen
21 months ago

  • Summary changed from Codepen embeds won't redner, lacks "referrer" to Codepen embeds won't render, lacks "referrer"

#2 @swissspidy
21 months ago

Non-whitelisted embeds come with some security restrictions. I guess browsers don't send a referrer header in that case.

To fix this, CodePen should either remove that requirement or we need to whitelist them. See #27658.

Note that some people choose to not send referrers anyway, so even whitelisting doesn't help.

#3 @Joen
21 months ago

Thanks for the response. Would it be an option to simply remove Codepen oembed support?

#4 @johnbillion
21 months ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed
  • Version trunk deleted

Codepen isn't supported in WordPress via the whitelisted embeds, so there's nothing to remove.

Your best bet is to get in touch with Codepen and let them know about the problem. It's not specific to WordPress.

#5 @Joen
21 months ago

Awesome, thanks a whole bunch for the info!

Note: See TracTickets for help on using tickets.