Do any consumers autodiscover?


John Bachir

Dec 10, 2010, 9:20:28 PM
to OEmbed
Oembed is ideal for a project I'm working on. But it's of course not
useful to me if I can't get consumers to consume it. The spec
describes a discovery mechanism[1]. Do any of the big consumers use
this? If not: I'm assuming that it's relatively difficult to get a
consumer to add me to their oembed provider list, but perhaps it is
easier than I think?

Thanks,
John

[1] http://www.oembed.com/#section4

Walter McGinnis

Dec 10, 2010, 10:47:34 PM
to oem...@googlegroups.com
I'm planning a media selector plugin for TinyMCE which will do oembed
discovery for setting up a media source. I'm hoping to take a crack
at it next week.

It probably won't be exclusively discovery, but I can't see it not
being useful. The media selector is going to be used by an open
source Ruby on Rails app called Kete (http://kete.net.nz). Each Kete
site will in turn have an oembed service and since there will be an
unknown amount of oembed enabled Kete sites out there... discovery
should be useful.

I'll add a response here if I have anything to report on it.

Cheers,
Walter McGinnis
Kete Project Lead


Charl van Niekerk

Dec 11, 2010, 6:51:25 AM
to oem...@googlegroups.com
On Sat, Dec 11, 2010 at 4:20 AM, John Bachir <johnjose...@gmail.com> wrote:
> Oembed is ideal for a project I'm working on. But it's of course not
> useful to me if I can't get consumers to consume it. The spec
> describes a discovery mechanism[1]. Do any of the big consumers use
> this? If not: I'm assuming that it's relatively difficult to get a
> consumer to add me to their oembed provider list, but perhaps it is
> easier than I think?

That is my experience as well and IMHO oEmbed can't live up to its
full potential if this situation doesn't change. The typical excuse I
get is that people are scared of cross-site scripting attacks, which
is a legitimate concern but not one that we can't work past with some
clever code. How do blogging systems like WordPress deal with it in
their comments? Can't oEmbed consumers implement a similar algorithm?

Brion Vibber

Dec 11, 2010, 2:23:28 PM
to oem...@googlegroups.com
On Fri, Dec 10, 2010 at 6:20 PM, John Bachir <johnjose...@gmail.com> wrote:
> Oembed is ideal for a project I'm working on. But it's of course not
> useful to me if I can't get consumers to consume it. The spec
> describes a discovery mechanism[1]. Do any of the big consumers use
> this? If not: I'm assuming that it's relatively difficult to get a
> consumer to add me to their oembed provider list, but perhaps it is
> easier than I think?

We use the autodiscovery for StatusNet, though in our latest code primarily to get thumbnail images for linked resources rather than running embedded video or link text previews directly. Since offsite images are safe to include, we have no need to whitelist provider sites. (We used to have some code to use video/link embedding, but had to run HTML sanitizers over it to remove anything that might, say, actually play a video so it wasn't much use. :P)

As a lot of sites don't provide discovery, we're currently using this fallback progression:

* for a few hosts we recognize, use a hardcoded provider URL (flickr, yfrog) or an alternate API (twitpic)
* poke the link with a HEAD request to confirm it's text/html
* GET the page and pull discovery links
* if no discovery links, try oohembed.com's oEmbed proxy

If considering ideas for a next-gen oEmbed, my biggest recommendation in addition to cleaner discovery is including an iframe-friendly embedding link:

As a consuming site I don't really want to toss up untrusted HTML within my own domain, since it could introduce scripting attacks. But if I can toss an offsite link into an <iframe>, the provider site has carte-blanche to generate any HTML and the browser's same-origin restrictions protect my surrounding page.

-- brion vibber (brion @ status.net)
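
The discovery and thumbnail-only steps described in the message above, sketched as an added example (not StatusNet's code and not part of the original thread). The function names, the host `provider.example`, and the sample page and response are constructed for illustration; the code parses a fetched page offline and makes no network requests.

```python
import json
from html.parser import HTMLParser
from urllib.parse import urljoin, urlsplit

OEMBED_TYPES = {"application/json+oembed", "text/xml+oembed"}  # types from the oEmbed spec

class DiscoveryParser(HTMLParser):
    """Collect <link rel="alternate" type="...+oembed" href="..."> elements."""
    def __init__(self, base_url):
        super().__init__()
        self.base_url, self.endpoints = base_url, []

    def handle_starttag(self, tag, attrs):
        a = {k: (v or "") for k, v in attrs}
        mime = a.get("type", "").strip().lower()
        if (tag == "link" and "alternate" in a.get("rel", "").lower().split()
                and mime in OEMBED_TYPES and a.get("href")):
            # Resolve relative hrefs against the page URL
            self.endpoints.append((mime, urljoin(self.base_url, a["href"])))

def is_http_url(url):
    """Accept only absolute http(s) URLs; rejects javascript:, data:, file: etc."""
    parts = urlsplit(url)
    return parts.scheme in ("http", "https") and bool(parts.netloc)

def discover(page_html, page_url):
    """Return (mime, endpoint) pairs advertised by the page, http(s) only."""
    parser = DiscoveryParser(page_url)
    parser.feed(page_html)
    return [(m, u) for m, u in parser.endpoints if is_http_url(u)]

def safe_thumbnail(oembed_json):
    """Use only thumbnail_url from the response; the 'html' field is never read."""
    data = json.loads(oembed_json)
    url = data.get("thumbnail_url") if isinstance(data, dict) else None
    return url if isinstance(url, str) and is_http_url(url) else None

# Constructed sample inputs (provider.example is a placeholder host)
SAMPLE_URL = "http://provider.example/photos/42"
SAMPLE_PAGE = """<html><head>
<link rel="stylesheet" href="/site.css">
<link rel="alternate" type="application/json+oembed" href="/oembed?url=http%3A%2F%2Fprovider.example%2Fphotos%2F42">
<link rel="alternate" type="text/xml+oembed" href="javascript:void(0)">
</head><body></body></html>"""
SAMPLE_RESPONSE = json.dumps({"type": "video", "version": "1.0",
    "thumbnail_url": "http://provider.example/thumbs/42.jpg",
    "html": "<script>/* untrusted provider markup */</script>"})

if __name__ == "__main__":
    print(discover(SAMPLE_PAGE, SAMPLE_URL), safe_thumbnail(SAMPLE_RESPONSE))
```

A consumer that fetches the discovered endpoint server-side would also need to restrict which hosts and address ranges it is willing to contact, which this example does not cover.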
