Make WordPress Core

Opened 7 months ago

Last modified 2 months ago

#60182 assigned enhancement

Add Gumlet.com to oEmbed allowlist

Reported by: akbansa
Owned by: akbansa
Milestone: Future Release
Priority: normal
Severity: normal
Version:
Component: Embeds
Keywords: has-patch dev-feedback
Focuses:
Cc:

Description

I use Gumlet for my videos, a video hosting platform similar to YouTube. WordPress's core Editor renders YouTube URLs but not Gumlet.

Gumlet supports oEmbed and so does WordPress. But on checking further, I found that you have a whitelisted domain list for videos.

Please add Gumlet oEmbed support to the whitelisted domains. Gumlet supports Embedding on two URLs, attached below -

https://api.gumlet.com/v1/oembed?url=https://www.gumlet.com/watch/6566f0c80701dac63772c357/

https://api.gumlet.com/v1/oembed?url=https://play.gumlet.io/embed/6566f0c80701dac63772c357/

Change History (30)

This ticket was mentioned in PR #5833 on WordPress/wordpress-develop by akbansa.


7 months ago
#1

  • Keywords has-patch added

https://core.trac.wordpress.org/ticket/60182#ticket

I have added support for Gumlet videos to be rendered in the WP core Editor similar to YouTube videos. Gumlet supports oEmbed and WordPress needs to add domain details for whitelisting.

Trac ticket: https://core.trac.wordpress.org/ticket/60182#ticket

#2 @akbansa
7 months ago

Just check the commit once. If it would work.

#3 @swissspidy
7 months ago

  • Focuses accessibility rest-api removed
  • Keywords reporter-feedback added
  • Version trunk deleted

Hi there,

Please check out the questionnaire at https://make.wordpress.org/core/handbook/contribute/design-decisions/#adding-new-oembed-providers and share the answers here so we can assess whether it makes sense to add this provider to the allowlist.

From what I can see, the provider does not add oEmbed discovery tags. With those, WordPress would be able to automatically detect the oEmbed endpoints, and embedding the videos would likely work.

I suggest reaching out to Gumlet to ask them to add these discovery tags. Then most likely no change would be required on the WordPress side.

#4 @akbansa
7 months ago

Thanks for asking the hard questions. I can talk to the Gumlet team to add the discovery tags. However, Gumlet is a verified provider on oEmbed's list https://oembed.com/providers.json

#5 @akbansa
7 months ago

@swissspidy, I can see that the URL: https://play.gumlet.io/embed/6571a126dd0d639e6302b9db has the discoverability tags but still WP Video doesn't parse it.

#6 @swissspidy
7 months ago

When I paste https://play.gumlet.io/embed/6571a126dd0d639e6302b9db into the editor, WordPress automatically embeds the video. See https://i.imgur.com/gJquTYd.mp4. So that works

#7 @akbansa
7 months ago

I get that. But if someone uses the Video block, it doesn't render. See here - https://prnt.sc/6iJu0HcnPSVI

#8 @akbansa
6 months ago

  • Keywords reporter-feedback removed

#9 @swissspidy
6 months ago

Well, the video block is for displaying some video files like MP4 that you uploaded to your site or elsewhere, not for embedding videos from third-party sites such as Gumlet or YouTube. That’s what the Embed block is for. Pasting the URL automatically inserts an Embed block.

#10 @akbansa
6 months ago

The video block suggests to add a video URL, and not specifically MP4 URL.

If I have to agree with you, then why is the list of providers whitelisted in the backend? I think adding one more provider solves the mystery for people using Gumlet.

#11 @swissspidy
6 months ago

The video block expects a video file URL (MP4, WebM, etc.), not a link to a webpage that contains a video. But it’s an interesting case - maybe we can detect incorrect URLs and convert them to embed blocks instead. That would help reduce confusion.

The allowlist exists for security purposes. The questionnaire link I shared above explains it.

#12 @akbansa
6 months ago

I get why whitelisting URLs is important. That's the reason I am pushing for Gumlet URLs.

For example: YouTube watch URL is also a page with video added on it. For example: https://imgur.com/XH1w3uy

This actually renders the content in an Iframe, Gumlet does the same.

#13 @swissspidy
6 months ago

  • Severity changed from major to normal

Please help us fill out the questionnaire I linked to above if you’d like to see Gumlet allowlisted.

#14 follow-up: @akbansa
6 months ago

Is the service popular enough for core developers to have heard of it before? Is it “mainstream?”

A lot of Gumlet users (these are often developers) are using it with WordPress. Here is the URL for our community - https://community.gumlet.com/search?q=wordpress

If similar services are already supported, how does this service compare in terms of size, features, and backing?

Gumlet provides great optimization like YouTube. Gumlet offers video security, player customization and engagement tools among the many others.

Does this service have an established social media presence?

Yes. Gumlet has over 2k followers on [LinkedIn](https://www.linkedin.com/company/gumlet). If you ask in the developer community, this is the most popular library for image optimisation - https://github.com/gumlet/php-image-resize

Is its oEmbed endpoint clearly established and properly documented? (Sometimes, they are just a developer’s pet project that may not be supported.)

Gumlet is a part of oEmbed's providers list - https://oembed.com/providers.json

Does the oEmbed endpoint work with WordPress’ oEmbed auto-discovery? If not, could it be made to work with additional HTML tags or attributes being added to the allow-list?

Yes, oEmbed works with auto-discovery.

Does the service make an effort to build relationships with developers, such as through robust APIs?

Yes, Gumlet is a developer-friendly company with all the APIs listed publicly here - https://docs.gumlet.com/reference/getting-started-with-rest-apis

How old is the service?

Gumlet was founded in 2019

Does it have a well-established Wikipedia article? (Seriously.)

No. Just curious if it's required. If yes, why?

Has anyone written a WordPress plugin that leverages the service in some way, whether adding it as an oEmbed provider, creating a shortcode, or leveraging other APIs of the service?

Gumlet has a WordPress plugin for image optimisation. However, no plugin for Video. As the Embed code is widely supported across WordPress - https://wordpress.org/plugins/gumlet/

Do these plugins have any noticeable adoption or traction that would indicate usage and demand?

The plugin is used by quite a lot of Gumlet users.

Is the provider frequently proposed?

Yes, for video. It's proposed by many users in different forms. Here are their roadmap URLs: https://feedback.gumlet.com/feature-requests/p/gumlet-video-embed-block. A lot of users ask about the Video block support on Customer Support for this.

Let me know if any clarification is needed on any of the above.

#15 @akbansa
6 months ago

  • Keywords has-dev-note added

#16 in reply to: ↑ 14 @swissspidy
6 months ago

  • Keywords has-dev-note removed
  • Milestone changed from Awaiting Review to Future Release
  • Summary changed from WordPress core editor doesn't render Gumlet videos to Add Gumlet.com to oEmbed allowlist

Thanks for going through these, your help is appreciated!

Removing has-dev-note. This keyword is only used to indicate that a dev note has been published on the make.wordpress.org/core blog outlining a significant code change. That's not the case here.

Is the service popular enough for core developers to have heard of it before? Is it “mainstream?”

A lot of Gumlet users (these are often developers) are using it with WordPress. Here is the URL for our community - https://community.gumlet.com/search?q=wordpress

If similar services are already supported, how does this service compare in terms of size, features, and backing?

Gumlet provides great optimization like YouTube. Gumlet offers video security, player customization and engagement tools among the many others.

Do you happen to have any indicator about how big the site is (i.e. how many users)?

Is its oEmbed endpoint clearly established and properly documented? (Sometimes, they are just a developer’s pet project that may not be supported.)

Gumlet is a part of oEmbed's providers list - https://oembed.com/providers.json

oembed.com is simply a community-maintained list of providers that support oEmbed. What we're looking for is clear developer documentation. I can't find any on docs.gumlet.com.

Does it have a well-established Wikipedia article? (Seriously.)

No. Just curious if it's required. If yes, why?

It's not a requirement by itself, but another indicator for how established the service is in general.

Simply put, we don't want to add a provider to the allowlist that might go bankrupt tomorrow.

Has anyone written a WordPress plugin that leverages the service in some way, whether adding it as an oEmbed provider, creating a shortcode, or leveraging other APIs of the service?

Gumlet has a WordPress plugin for image optimisation. However, no plugin for Video. As the Embed code is widely supported across WordPress - https://wordpress.org/plugins/gumlet/

Do these plugins have any noticeable adoption or traction that would indicate usage and demand?

The plugin is used by quite a lot of Gumlet users.

Just for the record: 800 active installs at time of writing


I'm changing the milestone of this to indicate that we may add this to the allowlist in the future. However, given the popularity of the platform, lack of documentation for the endpoint, and the fact that pasting Gumlet URLs works just fine, there is no immediate need to do so.

#17 @akbansa
6 months ago

Thanks, @swissspidy, for the comments.

Here are the answers to your follow-up questions:

Do you happen to have any indicator about how big the site is (i.e. how many users)?

15-20K users

Simply put, we don't want to add a provider to the allowlist that might go bankrupt tomorrow.

Chances are less. Reason being - they published their annual numbers such as 6Mn minutes transcoded with 240 Mn minutes streaming. Read here: https://www.gumlet.com/blog/2023-year-in-review/

oembed.com is simply a community-maintained list of providers that support oEmbed. What we're looking for is clear developer documentation. I can't find any on docs.gumlet.com.

I have asked for this on their chat support. They will write probably in a day or two.

Let me know if you have more questions.

#18 @akbansa
6 months ago

@swissspidy, the Gumlet team have documented the oEmbed support. You can find it here - https://docs.gumlet.com/docs/oembed-support.

#19 @akbansa
5 months ago

@swissspidy, I am seeing some issues with just oEmbed and not whitelisted.

<iframe class=\"wp-embedded-content\" sandbox=\"allow-scripts\" security=\"restricted\" title=\"Red Porsche looks great\" width=\"600\" height=\"450\" src=\"https:\/\/play.gumlet.io\/embed\/65a79ba4df193d90ae313644#?secret=DRecza9W78\" data-secret=\"DRecza9W78\" frameBorder=\"0\"><\/iframe>

It adds some secret to the code and removes the allow attribute. The allow contains allow=\"accelerometer; autoplay; clipboard-write; encrypted-media; gyroscope; picture-in-picture; fullscreen\" that stops us from standard browser functions.

#20 @swissspidy
5 months ago

Yes, WordPress modifies allow for security reasons if the provider is not allowlisted/trusted. Usually the embeds work just fine though. Are any embeds severely broken by this? In my testing last time everything seemed to work.

#21 @akbansa
5 months ago

@swissspidy, the Embed full screen doesn't work. That's the biggest blocker.

#23 @akbansa
5 months ago

@zecydfng77, that seems to be a temporary solution. There are more users who are facing the same issue. See the recent issue - https://community.gumlet.com/t/wordpress-share-url-full-screen-is-not-full-screen/2054

There are more like this.

Last edited 5 months ago by akbansa

#24 @akbansa
5 months ago

@swissspidy can you help us with this? It's been pending for a long time now.

#25 @swissspidy
5 months ago

  • Keywords dev-feedback added

Right now we’re in 6.5 beta, which means any kind of enhancement will have to wait.

At the moment I still think this is best handled through a plugin, given the smaller size and popularity and a plugin already existing.

#26 @akbansa
5 months ago

  • Keywords dev-feedback removed

@swissspidy, the plugin's main purpose is for image optimisation across WordPress websites. It works differently and is also marketed as Image Optimisation. So we would urge for the enhancement. However, I understand it might take some time. But we would wait for the enhancement.

#27 @swissspidy
5 months ago

  • Keywords dev-feedback added

You could also create a new plugin just for the embed.

Please keep the tag, thanks :) It means a second contributor’s feedback is wanted here.

#28 @akbansa
5 months ago

@swissspidy, I think creating a plugin and maintaining it for some core functionality of the platform is too much effort. The platform can make it work with just a couple of lines of code.

My bad, I'll keep the tag.

#29 @akbansa
2 months ago

@swissspidy, any further progress or updates on this one?

#30 @swissspidy
2 months ago

cc @peterwilsoncc for 2nd opinion

#31 @peterwilsoncc
2 months ago

I agree with the earlier comment that this is best left to a plugin for now.

Unlike YouTube, SoundCloud and other providers in the WordPress oEmbed allow list, I can not see any way for unpaid Gumlet members to browse videos on the site and make use of the content.

This limits the usefulness of providing oEmbed to the 15-20K users of the service. This is a tiny fraction of WordPress users.

@akbansa If you look at the Jotform and STN Video plugins, you'll see that adding a provider via a plugin is three or four lines of code. I think that's the best approach for this service.
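
What the plugin route suggested in comment 31 could look like for the two URL shapes in this ticket, as an added example (not code from the ticket, PR #5833, Gumlet, or the plugins named above). The endpoint and URL shapes come from the ticket description; the function and constant names, and the assumption that video IDs are hexadecimal, are illustrative.

```php
<?php
/**
 * Plugin Name: Gumlet oEmbed Provider (added example)
 * Description: Registers the Gumlet oEmbed endpoint from ticket #60182 as an explicit provider.
 */

// Endpoint quoted in the ticket description.
const GUMLET_EXAMPLE_ENDPOINT = 'https://api.gumlet.com/v1/oembed';

/**
 * Register both Gumlet URL schemes.
 *
 * Regex form ( $regex = true ) is used so the match is anchored to the
 * watch/embed paths only. The hex-only ID is an assumption based on the
 * sample URLs in the ticket; loosen it if Gumlet IDs can contain more.
 */
function gumlet_example_register_provider() {
	$patterns = array(
		'~^https://www\.gumlet\.com/watch/[0-9a-f]+/?(?:[?#].*)?$~i',
		'~^https://play\.gumlet\.io/embed/[0-9a-f]+/?(?:[?#].*)?$~i',
	);

	foreach ( $patterns as $pattern ) {
		wp_oembed_add_provider( $pattern, GUMLET_EXAMPLE_ENDPOINT, true );
	}
}
add_action( 'init', 'gumlet_example_register_provider' );

/**
 * Return the endpoint WordPress resolves for $url with discovery disabled,
 * or false when the URL is not matched by the explicit provider list.
 *
 * A non-false result means the embed no longer depends on discovery tags
 * and is handled as a listed provider rather than a discovered one.
 */
function gumlet_example_trusted_endpoint( $url ) {
	return _wp_oembed_get_object()->get_provider(
		$url,
		array( 'discover' => false )
	);
}
```

Registering the provider means WordPress outputs the HTML returned by api.gumlet.com as trusted provider markup, so the sandbox and secret rewriting quoted in comment 19 is not applied to it; that is the trust decision the allowlist discussion in this ticket is about.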
