💄 Enforce JavaScript detection

This fixes the setting for always active providers
since this doesn't work properly with enabled
unknown provider replacements, as the oEmbed URL
is not always identical with the actual URL of the embed.
This would result in oEmbeds being replaced by the
default embed overlay.
Closes #246

assets/js/embed-privacy.js

@@ -37,10 +37,7 @@ document.addEventListener( 'DOMContentLoaded', function() {
 		} );
 	}
 
-	if ( embedPrivacy.javascriptDetection === 'yes' ) {
-		enableAlwaysActiveProviders();
-	}
-
+	enableAlwaysActiveProviders();
 	optOut();
 	setMinHeight();
 
@@ -169,7 +166,7 @@ document.addEventListener( 'DOMContentLoaded', function() {
 		const alwaysActiveProviders = getAlwaysActiveProviders();
 
 		for ( var i = 0; i < optOutCheckboxes.length; i++ ) {
-			if ( embedPrivacy.javascriptDetection === 'yes' && alwaysActiveProviders.indexOf( optOutCheckboxes[ i ].getAttribute( 'data-embed-provider' ) ) !== -1 ) {
+			if ( alwaysActiveProviders.indexOf( optOutCheckboxes[ i ].getAttribute( 'data-embed-provider' ) ) !== -1 ) {
 				optOutCheckboxes[ i ].checked = true;
 			}
 			else if ( ! showAll ) {

inc/admin/class-settings.php

@@ -51,21 +51,6 @@ public static function get_page() {
 	 */
 	public static function register() {
 		\add_settings_section( 'embed_privacy_general', null, '__return_null', 'embed_privacy' );
-		\add_settings_field(
-			'embed_privacy_javascript_detection',
-			\__( 'JavaScript detection', 'embed-privacy' ),
-			[ Field::class, 'get' ],
-			'embed_privacy',
-			'embed_privacy_general',
-			[
-				'description' => \__( 'By enabling this option, checks for embed providers are made via JavaScript on the client-side rather than on your server. Enabling this option is recommended when using a caching plugin.', 'embed-privacy' ),
-				'name' => 'embed_privacy_javascript_detection',
-				'option_type' => 'option',
-				'title' => \__( 'JavaScript detection for active providers', 'embed-privacy' ),
-				'type' => 'checkbox',
-			]
-		);
-		\register_setting( 'embed_privacy', 'embed_privacy_javascript_detection' );
 		\add_settings_field(
 			'embed_privacy_local_tweets',
 			\__( 'Embeds', 'embed-privacy' ),

inc/class-embed-privacy.php

@@ -406,10 +406,6 @@ public function get_embed_overlay( $provider, $content ) {
 			'1.10.0'
 		);
 
-		if ( Providers::is_always_active( $provider->post_name ) ) {
-			return $content;
-		}
-
 		$replacement = new Replacement( $content );
 
 		foreach ( $replacement->get_providers() as $provider ) {
@@ -1025,12 +1021,8 @@ public function replace_embeds_twitter( $output, $url, $args ) {
 			return $output;
 		}
 
-		if ( Providers::is_always_active( $provider->get_name() ) ) {
-			return $output;
-		}
-
+		// check for local tweets
 		if ( \get_option( 'embed_privacy_local_tweets' ) ) {
-			// check for local tweets
 			return X::get_local_tweet( $output );
 		}
 

inc/class-frontend.php

@@ -37,7 +37,6 @@ public function print_assets() {
 		\wp_enqueue_style( 'embed-privacy' );
 		\wp_localize_script( 'embed-privacy', 'embedPrivacy', [
 			'alwaysActiveProviders' => \array_keys( (array) Embed_Privacy::get_instance()->get_cookie() ), // deprecated
-			'javascriptDetection' => \get_option( 'embed_privacy_javascript_detection' ),
 		] );
 
 		/**

inc/class-migration.php

@@ -806,6 +806,8 @@ private function migrate_1_10_7() {
 		if ( $x_provider instanceof WP_Post ) {
 			\update_post_meta( $x_provider->ID, 'regex_default', '/^(www\\\.)?(twitter|x)\\\.com/' );
 		}
+
+		\delete_option( 'embed_privacy_javascript_detection' );
 	}
 
 	/**

inc/data/class-providers.php

@@ -221,14 +221,8 @@ public function get_list( $type = 'all', $args = [] ) {
 	 * @return	bool True if provider is always active, false otherwise
 	 */
 	public static function is_always_active( $provider ) {
-		$javascript_detection = \get_option( 'embed_privacy_javascript_detection' );
-		$provider = self::sanitize_name( $provider );
-
-		if ( $javascript_detection ) {
-			return false;
-		}
-
 		$cookie = Embed_Privacy::get_instance()->get_cookie();
+		$provider = self::sanitize_name( $provider );
 
 		return isset( $cookie->{$provider} ) && $cookie->{$provider} === true;
 	}

inc/data/class-replacer.php

@@ -161,11 +161,6 @@ public static function replace_oembed( $output, $url, array $attributes ) {
 				return $output;
 			}
 
-			// check if cookie is set
-			if ( Providers::is_always_active( $provider->get_name() ) ) {
-				return $output;
-			}
-
 			$embed_title = Oembed::get_title( $output );
 			/* translators: embed title */
 			$attributes['embed_title'] = ! empty( $embed_title ) ? $embed_title : '';

inc/embed/class-replacement.php

@@ -77,17 +77,7 @@ public function get( array $attributes = [], $provider = null ) {
 
 		// get default external content
 		// special case for youtube-nocookie.com as it is part of YouTube provider
-		// and gets rewritten in Divi
-		// see: https://github.com/epiphyt/embed-privacy/issues/69
-		if (
-			! $ignore_unknown_providers
-			&& (
-				! \str_contains( $content, 'youtube-nocookie.com' )
-				|| ! Providers::is_always_active( 'youtube' )
-			)
-		) {
-			$attributes['check_always_active'] = true;
-
+		if ( ! $ignore_unknown_providers || \str_contains( $content, 'youtube-nocookie.com' ) ) {
 			if ( $provider instanceof Provider ) {
 				$this->provider = $provider;
 				$content = $this->replace( $content, $attributes );
@@ -212,7 +202,6 @@ private function replace_content( $content, array $attributes ) {
 
 		$attributes = \wp_parse_args( $attributes, [
 			'additional_checks' => [],
-			'check_always_active' => false,
 			'elements' => [ 'embed', 'iframe', 'object' ],
 			'element_attribute' => 'src',
 			'height' => 0,
@@ -279,16 +268,6 @@ private function replace_content( $content, array $attributes ) {
 					continue;
 				}
 
-				// providers need to be explicitly checked if they're always active
-				// see https://github.com/epiphyt/embed-privacy/issues/115
-				if ( $attributes['check_always_active'] && Providers::is_always_active( $this->provider->get_name() ) ) {
-					if ( ! empty( $attributes['assets'] ) ) {
-						$content = Assets::get_static( $attributes['assets'], $content );
-					}
-
-					return $content;
-				}
-
 				if ( $this->provider->is_unknown() ) {
 					$embedded_host = \wp_parse_url( $element->getAttribute( $attributes['element_attribute'] ), \PHP_URL_HOST );
 
@@ -302,19 +281,6 @@ private function replace_content( $content, array $attributes ) {
 					$this->provider->set_title( $embedded_host );
 					$this->provider->set_name( \sanitize_title( $embedded_host ) );
 
-					// unknown providers need to be explicitly checked if they're always active
-					// see https://github.com/epiphyt/embed-privacy/issues/115
-					if (
-						$attributes['check_always_active']
-						&& Providers::is_always_active( $this->provider->get_name() )
-					) {
-						if ( ! empty( $attributes['assets'] ) ) {
-							$content = Assets::get_static( $attributes['assets'], $content );
-						}
-
-						return $content;
-					}
-
 					// check URL for available provider
 					foreach ( Providers::get_instance()->get_list() as $provider ) {
 						if (

inc/handler/class-shortcode.php

@@ -61,16 +61,11 @@ public static function opt_out( $attributes ) {
 		$cookie = Embed_Privacy::get_instance()->get_cookie();
 		$embed_providers = Providers::get_instance()->get_list();
 		$enabled_providers = \array_keys( (array) $cookie );
-		$is_javascript_detection = \get_option( 'embed_privacy_javascript_detection' ) === 'yes';
 
 		if ( empty( $embed_providers ) ) {
 			return '';
 		}
 
-		if ( ! $is_javascript_detection && ! $attributes['show_all'] && ! $enabled_providers ) {
-			return '';
-		}
-
 		$headline = '<h3>' . \esc_html( $attributes['headline'] ) . '</h3>' . \PHP_EOL;
 
 		/**

inc/integration/class-jetpack.php

@@ -52,7 +52,6 @@ public static function replace_facebook_posts( $content ) {
 				],
 			],
 			'assets' => [],
-			'check_always_active' => true,
 			'elements' => [
 				'div',
 			],