szeidler · July 5, 2021 09:25
diff --git a/EmbedSubscriber.php b/EmbedSubscriber.php
 <?php

 // REMOVE ME: Place in /web/modules/custom/mymodule/src/EventSubscriber/EmbedSubscriber.php

 namespace Drupal\mymodule_embed\EventSubscriber;

 use Symfony\Component\EventDispatcher\EventSubscriberInterface;
 use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
 use Symfony\Component\HttpKernel\KernelEvents;

 class EmbedSubscriber implements EventSubscriberInterface {

  /**
   * {@inheritdoc}
   */
  static function getSubscribedEvents() {
    $events[KernelEvents::RESPONSE][] = ['onRespond'];
    return $events;
  }

  /**
   * Removes the X-Frame-Options http header for specific URIs.
   *
   * Used to allow iframe embeds and prevent same origin
   * policy problems in the browser.
   *
   * @param FilterResponseEvent $event
   */
  public function onRespond(FilterResponseEvent $event) {
    $response = $event->getResponse();
    $whitelistedUris = ['/path1whitelist', '/path2whitelist'];
    if (in_array($event->getRequest()->getRequestUri(), whitelistedUris)) {
      $response->headers->remove('X-Frame-Options');
    }
  }
 }
diff --git a/mymodule_embed.info.yml b/mymodule_embed.info.yml
 name: Mymodule Embed
 description: Whitelists specific pages to be possible to embed as an iframe.
 package: Custom
 type: module
 core_version_requirement: ^8 || ^9
diff --git a/mymodule_embed.services.yml b/mymodule_embed.services.yml
 services:
  mymodule_embed:
    class: '\Drupal\mymodule_embed\EventSubscriber\EmbedSubscriber'
    tags:
      - { name: 'event_subscriber' }
	<?php

	// REMOVE ME: Place in /web/modules/custom/mymodule/src/EventSubscriber/EmbedSubscriber.php

	namespace Drupal\mymodule_embed\EventSubscriber;

	use Symfony\Component\EventDispatcher\EventSubscriberInterface;
	use Symfony\Component\HttpKernel\Event\FilterResponseEvent;
	use Symfony\Component\HttpKernel\KernelEvents;

	class EmbedSubscriber implements EventSubscriberInterface {

	/**
	* {@inheritdoc}
	*/
	static function getSubscribedEvents() {
	$events[KernelEvents::RESPONSE][] = ['onRespond'];
	return $events;
	}

	/**
	* Removes the X-Frame-Options http header for specific URIs.
	*
	* Used to allow iframe embeds and prevent same origin
	* policy problems in the browser.
	*
	* @param FilterResponseEvent $event
	*/
	public function onRespond(FilterResponseEvent $event) {
	$response = $event->getResponse();
	$whitelistedUris = ['/path1whitelist', '/path2whitelist'];
	if (in_array($event->getRequest()->getRequestUri(), whitelistedUris)) {
	$response->headers->remove('X-Frame-Options');
	}
	}
	}
	name: Mymodule Embed
	description: Whitelists specific pages to be possible to embed as an iframe.
	package: Custom
	type: module
	core_version_requirement: ^8 \|\| ^9
	services:
	mymodule_embed:
	class: '\Drupal\mymodule_embed\EventSubscriber\EmbedSubscriber'
	tags:
	- { name: 'event_subscriber' }