is it possible to use an embedded link of a H5P element only for myself to integrate it into another website and prevent others to embed this element on their website?
Thanks in advance!
Fri, 01/07/2022 - 00:01
If you have a server that you can configure yourself, then yes. You can set a so called "Content Security Policy" that allows you to define what other servers are allowed to embed content from yours (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Content-Security-Policy/frame-ancestors).
An older approach that was at the mercy of browsers supporting it is using X-Frame Options (https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options) that also require server configuration.
Mon, 01/10/2022 - 12:20
Thank you very much, works very well.
Mon, 01/10/2022 - 22:36
Glad you figured it out! That was certainly not easy, but you"re proof that solving those issues is possible without having step-by-step guides (which can hardly be given for all the possible scenarios) but with some useful links.
And thanks for saying thanks!
Fri, 01/14/2022 - 15:29
Just one question: I checked it from my laptop and it worked but when checking it on my mobile phone the embedded frame is blocked. Do you know why this is?
Fri, 01/14/2022 - 18:56
Nope, can't tell without knowing details.
Tue, 01/25/2022 - 15:38
I tried a few things out and searched a lot on Google but wasn't successful with it. So I will post some details, maybe it helps someone to answer the question:
In general it works in Firefox + Chrome, but Safari (not only on mobile) seems to have problems with the embedding iFrame. I set the following line in my .htaccess
Header set Content-Security-Policy: "frame-ancestors domain1 domain2/embed.php?id=1;"
In the browser console I receive the following error:
The source list for Content Security Policy directive 'frame-ancestors' contains a source with invalid path: '/embed.php?id=1'. The query component, including the "?" will be ignored. Refused to load domain2/embed.php?id=1 because it does not appear in the frame-ancestors directive of the Content Security Policy.
The URL for the video is with the query parameter part, without it I can't call the video page and I think that is what's happening here. I need to add the video URL to the htaccess but it doesn't allow it, so how am I supposed to configure this? :/
Connect with H5P
H5P is a registered trademark of H5P Group