Make WordPress Core

Opened 2 years ago

Closed 2 years ago

Last modified 2 years ago

#44281 closed defect (bug) (invalid)

Codepen embeds won't render, lacks "referrer"

Reported by: Joen Owned by:
Milestone: Priority: normal
Severity: minor Version:
Component: Embeds Keywords:
Focuses: Cc:


Steps to reproduce:

  • Paste a codepen into the editor. Such as this: https://codepen.io/joen/pen/oEzYxb
  • Note how it converts to a codepen embed.
  • Click "run pen", or publish first and then click "run pen" on the frontend.

Observe that the embed asks for a "referrer" that apparently isn't present.

Attachments (1)

codepen.png (235.5 KB) - added by Joen 2 years ago.

Download all attachments as: .zip

Change History (6)

2 years ago

#1 @Joen
2 years ago

  • Summary changed from Codepen embeds won't redner, lacks "referrer" to Codepen embeds won't render, lacks "referrer"

#2 @swissspidy
2 years ago

Non-whitelisted embeds come with some security restrictions. I guess browsers don't send a referrer header in that case.

To fix this, CodePen should either remove that requirement or we need to whitelist them. See #27658.

Note that some people choose to not send referrers anyway, so even whitelisting doesn't help.

#3 @Joen
2 years ago

Thanks for the response. Would it be an option to simply remove Codepen oembed support?

#4 @johnbillion
2 years ago

  • Milestone Awaiting Review deleted
  • Resolution set to invalid
  • Status changed from new to closed
  • Version trunk deleted

Codepen isn't supported in WordPress via the whitelisted embeds, so there's nothing to remove.

Your best bet is to get in touch with Codepen and let them know about the problem. It's not specific to WordPress.

#5 @Joen
2 years ago

Awesome, thanks a whole bunch for the info!

Note: See TracTickets for help on using tickets.