CORS is a set of instructions between those websites that sets out what can be linked to or shared from where. If you’ve eve installed a Facebook “pixel” or some Google Analytics code, you’re pulling in resources from another website into yours.
It’s super-common for content from one website to include content from others, even if that content is invisible. Thanks CORS, I hate you tooĬORS (cross-origin resource sharing) is a thing browser vendors and web developers cooked up to try and improve the way information is shared and security is handled across websites.
PODCSAT URL EXTRACTOR CODE
Except, certainly right now – and seemingly for a long time – the code Anchor generates is misconfigured. OEmbed is a wonderful standard that opens up possibilities for a richer web experience, while keeping users safer and not just blindly trusting everything.Īnchor actually provides an oEmbed endpoint, so need not have any special rules to approve it. It’s stuff like this that gets me excited about the web, like when other apps and services like Slack, WhatsApp, and Notion started reading the tags used to tell Twitter and Facebook more about a webpage, thus making our links look much nicer when embedded into a message or a note. Now because the CMS doesn’t know it can trust the resource, it can make changes to the code to add extra security, effectively sandboxing the player so it can’t interact with any user data like cookies.
PODCSAT URL EXTRACTOR HOW TO
When I ran my old podcast hosting company, I implemented this across all episode pages, so that any CMS like WordPress, would know how to turn a seemingly arbitrary URL into a beautiful interactive audio player, with the podcast artwork and subscription buttons. This means that any URL in the world can declare its support for oEmbed, via a tag near the top of the webpage for an embeddable resource. This is fun, right?īut that’s OK, since built into the oEmbed standard is the ability for discovery. Or it might be, I don’t know… as I said the problem lies at Anchor’s door this is all just background context for fun. But for whatever reason, Anchor isn’t in the approved list. So CMSs maintained a list of known services that could be trusted, so if you pasted the URL to something from, say, Instagram, into a content block, the CMS would say “I know that’s an Instagram image let me ask Instagram for the embed code”. So 10+ years ago, a group of developers came up with the oEmbed standard, whereby the URL to a piece of content can be turned into the code necessary to embed it. (Again, this isn’t a problem for big players like YouTube and Vimeo, but it does happen to smaller sites.) What this means is that right now the code is legit, but if the hosting service goes out-of-business and someone else buys the domain, they can inject all sorts of malware, bitcoin mining code and other nastiness where that video player used to be. But if it’s a site the CMS doesn’t recognise, it will assume the code could be hijacked. That’s fine if the CMS knows the content is coming from YouTube. If you want to embed content from sites like YouTube, you need to paste in code that looks like this: That means unchecked code that deviates from simple things like paragraph tags, bulleted lists, bold text, links and so on. The problemĪs I mentioned, WordPress doesn’t want you posting “arbitrary HTML”. It’s not as pretty as Anchor’s player, but it gets the job done. Just paste in the URL to an episode hosted on Anchor, then copy the MP3 URL the tool gives you, paste that into an “Embed” block on, and WordPress will create an audio player block. Luckily we can get around that through a simple tool that will get the audio URL for an Anchor episode from its webpage. That’s because Anchor’s website isn’t configured correctly, and doesn’t allow you to paste arbitrary pieces of HTML code into its CMS for fear of that code getting hijacked (the latter is sane, the former is due to Anchor mostly being a toy, rather than a serious podcast hosting service). After doing some research for an upcoming course on turning a blog into a podcast, I discovered that, contrary to what I’d assumed, you can’t embed the Anchor audio player for an episode into a blog post hosted on.