3 namespace Drupal\media;
5 use Drupal\Component\Utility\Crypt;
6 use Drupal\Core\PrivateKey;
7 use Drupal\Core\Routing\RequestContext;
8 use Drupal\Core\Site\Settings;
11 * Providers helper functions for displaying oEmbed resources in an iFrame.
14 * This is an internal part of the oEmbed system and should only be used by
15 * oEmbed-related code in Drupal core.
17 class IFrameUrlHelper {
20 * The request context service.
22 * @var \Drupal\Core\Routing\RequestContext
24 protected $requestContext;
27 * The private key service.
29 * @var \Drupal\Core\PrivateKey
31 protected $privateKey;
34 * IFrameUrlHelper constructor.
36 * @param \Drupal\Core\Routing\RequestContext $request_context
37 * The request context service.
38 * @param \Drupal\Core\PrivateKey $private_key
39 * The private key service.
41 public function __construct(RequestContext $request_context, PrivateKey $private_key) {
42 $this->requestContext = $request_context;
43 $this->privateKey = $private_key;
47 * Hashes an oEmbed resource URL.
51 * @param int $max_width
52 * (optional) The maximum width of the resource.
53 * @param int $max_height
54 * (optional) The maximum height of the resource.
59 public function getHash($url, $max_width = NULL, $max_height = NULL) {
60 return Crypt::hmacBase64("$url:$max_width:$max_height", $this->privateKey->get() . Settings::getHashSalt());
64 * Checks if an oEmbed URL can be securely displayed in an frame.
70 * TRUE if the URL is considered secure, otherwise FALSE.
72 public function isSecure($url) {
76 $url_host = parse_url($url, PHP_URL_HOST);
77 $system_host = parse_url($this->requestContext->getCompleteBaseUrl(), PHP_URL_HOST);
79 // The URL is secure if its domain is not the same as the domain of the base
80 // URL of the current request.
81 return $url_host && $system_host && $url_host !== $system_host;