oembed API response is not fully compatible with the spec


Well-known member
Affected version
https://xenforo.com/community/api/oembed/?url=https://xenforo.com/community/threads/boosting-performance-in-xenforo-2-3.216767/ returns the following response:
    "version": "1.0",
    "type": "rich",
    "provider_name": "XenForo community",
    "provider_url": "https://xenforo.com/community",
    "author_name": "Chris D",
    "author_url": "/community/members/chris-d.11388/",
    "html": "<div class=\"js-xf-embed\" data-url=\"https://xenforo.com/community\" data-content=\"thread-216767\"></div><script defer src=\"https://xenforo.com/community/js/xf/external_embed.js?_v=2ee20907\"></script>",
    "referrer": "",
    "cache_age": 3600

According to the specification fields width and height are missing: The rich type

This type is used for rich HTML content that does not fall under one of the other categories. The following parameters are defined:
html (required)
The HTML required to display the resource. The HTML should have no padding or margins. Consumers may wish to load the HTML in an off-domain iframe to avoid XSS vulnerabilities. The markup should be valid XHTML 1.0 Basic.
width (required)
The width in pixels required to display the HTML.
height (required)
The height in pixels required to display the HTML.
Responses of this type must obey the maxwidth and maxheight request parameters.
If the markup is expected to be X(HT)ML, defershould be defer="" too. Not that anybody still uses XHTML, but some processors may try to load the markup as XML.
Top Bottom