Problem/Motivation

The resolution of Warning message on Status Report page confuses designer.

I feel that if something is important enough to warn me about on a status report, then it's value should be added to the list of the
"Checked" key/value pairs.
ie; Add under the Checked heading: OEMBED IFRAME DOMAIN = "https://vimeo.com"

During a new d9 install the following warning displays:
"It is potentially insecure to display oEmbed content in a frame that is served from the same domain as your main Drupal site, as this may allow execution of third-party code. You can specify a different domain for serving oEmbed content here."

Upon specifying a serving domain for oEmbed content - there is no indication on the page that the user actually succeeded.

Steps to reproduce

Install d9.
run admin/reports/status
Enter a server domain - eg; 'https://vimeo.com' and save.
Save and re-run
No indication shows

It is ultimately found hiding under admin/config/media/media-settings.

Proposed resolution

Add another status line under the CHECKED heading for OEMBED IFRAME DOMAIN
then display the stored key/value pair eg; "https://vimeo.com"

Remaining tasks

User interface changes

API changes

Data model changes

Release notes snippet

Comments

jshimota01 created an issue. See original summary.

cilefen’s picture

cilefen commented
Component: configuration system » media system

Version: 9.5.x-dev » 10.1.x-dev

Drupal 9.5.0-beta2 and Drupal 10.0.0-beta2 were released on September 29, 2022, which means new developments and disruptive changes should now be targeted for the 10.1.x-dev branch. For more information see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

Version: 10.1.x-dev » 11.x-dev

Drupal core is moving towards using a “main” branch. As an interim step, a new 11.x branch has been opened, as Drupal.org infrastructure cannot currently fully support a branch named main. New developments and disruptive changes should now be targeted for the 11.x branch, which currently accepts only minor-version allowed changes. For more information, see the Drupal core minor version schedule and the Allowed changes during the Drupal core release cycle.

longwave’s picture

longwave
he/him
Primary language English
Location UK
commented
Status: Active » Closed (won't fix)

The warning has been removed, so there is no need for the status report check.

Now that this issue is closed, review the contribution record.

As a contributor, attribute any organization that helped you, or if you volunteered your own time.

Maintainers, credit people who helped resolve this issue.