Use double iframe technique to support embedding with SharePoint.

The first embed uses the "Anyone with the link can view" sharing link generated by OneDrive. The sharing URL generally resembles something like: hxxps://XXX.sharepoint.com/:v:/g/personal/XXX/SOMEID. Embedding the sharing link helps to set the necessary authentication cookies needed to view the main embed. This iframe is hidden from display. The main embed uses the following URL format: hxxps://XXX.sharepoint.com/personal/XXX/_layouts/15/embed.aspx?UniqueId=XXX. UniqueId is a parameter we need to query OneDrive for and is not the same as SOMEID from the first embed. This is an undocumented way of embedding media from SharePoint. Experimental. See #1.
hwdsb · Dec 6, 2024 · 01b80f5 · 01b80f5
1 parent 1fd12ea
commit 01b80f5
Show file tree

Hide file tree

Showing 2 changed files with 43 additions and 1 deletion.
diff --git a/assets/block.js b/assets/block.js
@@ -653,6 +653,9 @@
 			},
 			title: {
 				type: 'string'
+			},
+			uniqueID: {
+				type: 'string'
 			}
 		},
 		edit: function( props ) {
@@ -729,6 +732,10 @@
 					fileDetails.title = files.value[0].name;
 				}
 
+				if ( files.value[0].hasOwnProperty( 'eTag' ) ) {
+					fileDetails.uniqueID = files.value[0].eTag.match('{(?<id>.*)}').groups.id.toLowerCase();
+				}
+
 				return props.setAttributes( fileDetails );
 			};
 
@@ -900,7 +907,8 @@
 								size: undefined,
 								id: undefined,
 								display: undefined,
-								title: undefined
+								title: undefined,
+								uniqueID: undefined
 							});
 						},
 					}]

diff --git a/onedrive.php b/onedrive.php
@@ -98,6 +98,9 @@ function shortcode( $r ) {
 		// type
 		'type'   => 'other',
 
+		// sharepoint unique ID
+		'uniqueID' => '',
+
 		// dimensions
 		'width'  => '',
 		'height' => '',
@@ -276,6 +279,8 @@ function shortcode( $r ) {
 			break;
 	}
 
+	$is_sharepoint_unique_id = false;
+
 	// SharePoint.
 	if ( ! $is_personal ) {
 		// Only word, powerpoint, excel and visio can be embedded.
@@ -292,6 +297,26 @@ function shortcode( $r ) {
 				$r['link'] = str_replace( 'action=edit', 'action=embedview', $r['link'] );
 			}
 
+		// If have unique ID, use a different URL syntax for certain types.
+		} elseif ( true === in_array( $type, [ 'video', 'audio', 'image', 'pdf' ] ) && ! empty( $r['uniqueID'] ) ) {
+			$is_sharepoint_unique_id = true;
+
+			$original_link = $r['link'];
+
+			// Need to set to 'other' so iframe is used.
+			$type = 'other';
+
+			// Grab the OneDrive user from the link.
+			preg_match( '~/personal/(.*)/~', $r['link'], $user );
+
+			$r['link'] = sprintf(
+				'https://%1$s/personal/%2$s/_layouts/15/embed.aspx?UniqueId=%3$s&embed=%4$s&referrer=StreamWebApp&referrerScenario=EmbedDialog.Create',
+				parse_url( $r['link'], PHP_URL_HOST ),
+				$user[1],
+				$r['uniqueID'],
+				urlencode( '{"ust":true,"hv":"CopyEmbedCode"}' )
+			);
+
 		// All other types will use icon display.
 		} else {
 			$r['display'] = 'icon';
@@ -414,6 +439,15 @@ function shortcode( $r ) {
 		$output = '<iframe id="onedrive-' . md5( $r['link'] ) . '" class="onedrive-shortcode" src="' .  esc_url( $r['link'] ) . '"' . $r['width'] . $r['height'] . $extra . '></iframe>';
 	}
 
+	/*
+	 * Embed sharing link if this is a SharePoint unique ID.
+	 *
+	 * This is necessary to set the authentication cookies to view the embed.
+	 */
+	if ( $is_sharepoint_unique_id ) {
+		$output = sprintf( '<iframe src="%1$s" width="0" height="0" style="display:none;"></iframe>%2$s', esc_url( $original_link ), $output );
+	}
+
 	// Wrap output in <figure> because of Gutenberg.
 	$output = sprintf( '<figure class="wp-block-embed wp-block-embed-onedrive"><div class="wp-block-embed__wrapper">%s</div></figure>', $output );