Skip to content

E
edx-platform
Commit 87b84c3e by Ernie Park
Options

make origin for html5 video flexible and use document.domain

parent 7a6656a5
Showing with 1 additions and 2 deletions
video_init.js
...@@ -9,8 +9,7 @@ if (swfobject.hasFlashPlayerVersion("10.1")){ ...@@ -9,8 +9,7 @@ if (swfobject.hasFlashPlayerVersion("10.1")){
"ytapiplayer", "640", "385", "8", null, null, params, atts); "ytapiplayer", "640", "385", "8", null, null, params, atts);
} else { } else {
//end of this URL may need &origin=http://..... once pushed to production to prevent XSS $("#html5_player").attr("src", "http://www.youtube.com/embed/" + streams["1.0"] + "?enablejsapi=1&controls=0&origin=" + document.domain);
$("#html5_player").attr("src", "http://www.youtube.com/embed/" + streams["1.0"] + "?enablejsapi=1&controls=0&origin=https://6002xint.mitx.mit.edu");
$("#html5_player").show(); $("#html5_player").show();
var tag = document.createElement('script'); var tag = document.createElement('script');
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment