Security and protection of H5P-embedded content

Submitted by wilhelm-pbt on Mon, 02/04/2019 - 14:12

Forums:

Hello,

is there a way to protect h5p-content created with the h5p wordpress plugin when embedded into different sites?

I just found that since the embed-code reveals the ID of the h5p-content, it is very easy to "guess" other h5p-content and load it instead.

It would be great someone could give me a hint on the following questions:

1. Is it possible to disable the embed-feature of the wordpress-plugin for a whole wordpress-page, so there is absolutely no embedding possible?

2. Is it possible or planned to add protection features for h5p-content to make content only embedable on certain pages?

Thank you in advance and kind regards

Jens

Content types:

Interactive Video

icc

Mon, 02/11/2019 - 10:28

Permalink

Hi,1. Yes, on the H5P

Hi,

1. Yes, on the H5P settings page, if you disable the Embed button all links should stop working.

2. We have thought about adding a setting for X-Frame-Options or Content-Security-Policy but it hasn't been highly requested. I guess that most who require this have already set/forced these options in the web server configuration.

You are here

Security and protection of H5P-embedded content

Hi,1. Yes, on the H5P