Replacements for the Widgets extension

From Miraheze Developers Wiki

The Widgets extension has been permanently removed because of a security vulnerability and the potential for future risk. The following are viable replacement options:

Extensions: the EmbedVideo, TimedMediaHandler, Video, or YouTube extensions may be viable replacements.


JavaScript:

$( '#discord-widget' ).html( '<iframe src="https://discord.com/widget?id={SERVER_ID}&theme=dark" width="{WIDTH}" height="{HEIGHT}" allowtransparency="true" frameborder="0" sandbox="allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts"></iframe>' );

HTML:

<div id="discord-widget"></div>

  • Add the JavaScript to either MediaWiki:{Skin}.js or MediaWiki:Common.js.
  • Add the HTML to any wiki page or template where you wish to display the embedded iframe.

Note: If the URL you are attempting to frame is blocked by the Miraheze Content Security Policy (CSP), the iframe will not load. The URLs that currently work (as of 23 February 2024) are listed below:

# Only add a domain pursuant to the policy below. Please also be restrictive in which list.
# See https://meta.miraheze.org/wiki/Tech:CSP_Policy.
default-src: 
  - "'self'"
  - '*.miraheze.org'
  - '*.mirabeta.org'
  - '*.wikitide.net'

script-src:
  - 'blob:'
  - "'self'"
  - "'unsafe-inline'"
  - "'unsafe-eval'"
  - '*.miraheze.org'
  - '*.mirabeta.org'
  - '*.wikitide.net'
  - '*.wikimedia.org'
  - '*.wikipedia.org'
  - '*.wikibooks.org'
  - '*.wiktionary.org'
  - '*.wikiquote.org'
  - '*.wikisource.org'
  - '*.wikiversity.org'
  - '*.wikinews.org'
  - '*.wikivoyage.org'
  - 'mediawiki.org'
  - 'www.mediawiki.org'
  - 'wikidata.org'
  - 'www.gstatic.com'
  - 'www.google.com'
  - 'apis.google.com'
  - 'platform.twitter.com'
  - 'wiki-assets.sumin.wiki'
  - 'cdnjs.cloudflare.com'
  - 'cdn.jsdelivr.net'
  - 'fastly.jsdelivr.net'
  - 'cdn.syndication.twimg.com'
  - 'openlayers.org'
  - 'www.gstatic.cn'
  - 'hcaptcha.com'
  - '*.hcaptcha.com'
  - 'bandcamp.com'

style-src:
  - "'self'"
  - 'data:'
  - "'unsafe-inline'"
  - '*.miraheze.org'
  - '*.mirabeta.org'
  - '*.wikitide.net'
  - '*.wikimedia.org'
  - '*.wikipedia.org'
  - '*.wikibooks.org'
  - '*.wiktionary.org'
  - '*.wikiquote.org'
  - '*.wikisource.org'
  - '*.wikiversity.org'
  - '*.wikinews.org'
  - '*.wikivoyage.org'
  - 'mediawiki.org'
  - 'www.mediawiki.org'
  - 'wikidata.org'
  - 'www.gstatic.com'
  - 'fonts.googleapis.com'
  - 'cdn.jsdelivr.net'
  - 'fastly.jsdelivr.net'
  - 'cdnjs.cloudflare.com'
  - 'platform.twitter.com'
  - 'ton.twimg.com'
  - 'hcaptcha.com'
  - '*.hcaptcha.com'

img-src:
  - 'blob:'
  - "'self'"
  - 'data:'
  - '*.miraheze.org'
  - '*.mirabeta.org'
  - '*.wikitide.net'
  - 'upload.wikimedia.org'
  - 'wikimedia.org'
  - 'maps.google.com'
  - 'www.gstatic.com'
  - 'maxcdn.bootstrapcdn.com'
  - '*.twimg.com'
  - 'i.imgur.com'
  - 'image.tmdb.org'
  - '*.googleusercontent.com'
  - '*.fontawesome.com'
  - '*.dropboxstatic.com'
  - '*.redd.it'
  - '*.redditmedia.com'
  - 'mirrors.creativecommons.org'
  - 'www.gnu.org'
  - 'live.staticflikr.com'
  - 'cdn.pixabay.com'
  - 'cdn.geogebra.org'
  - 'docs.blender.org'
  - '*.imgbox.com'
  - 'tile.openstreetmap.org'
  - '*.tile.openstreetmap.org'
  - 'cdn.discordapp.com'
  - 'na.llnet.sims3storee.cdn.ea.com'
  - '*.fastly.net'
  - 'minotar.net'
  - 'db.onlinewebfonts.com'
  - 'openlayers.org'
  - 'discordapp.com'
  - 'imgbb.com'
  - 'postimages.org'
  - 'platform.twitter.com'
  - 'syndication.twitter.com'
  - 'img.newspapers.com'
  - 'cdn.smutstone.com'
  - 'storage.googleapis.com'
  - '*.fbcdn.net'
  - 'i.ytimg.com'
  - '*.imgbb.com'
  - 'simgbb.com'
  - '*.simgbb.com'
  - 'ibb.co'
  - '*.ibb.co'
  - '*.postimages.org'
  - 'postimgs.org'
  - '*.postimgs.org'
  - 'postimg.cc'
  - '*.postimg.cc'
  - '*.rbxcdn.com'
  - 'cms-imgp.jw-cdn.org'

font-src:
  - "'self'"
  - 'data:'
  - '*.miraheze.org'
  - '*.mirabeta.org'
  - '*.wikitide.net'
  - 'fonts.gstatic.com'
  - 'fonts.googleapis.com'
  - 'cdnjs.cloudflare.com'
  - 'cdn.jsdelivr.net'
  - 'fastly.jsdelivr.net'
  - 'db.onlinewebfonts.com'
  - 'upload.wikimedia.org'

media-src:
  - "'self'"
  - 'blob:'
  - '*.miraheze.org'
  - '*.mirabeta.org'
  - '*.wikitide.net'
  - 'upload.wikimedia.org'
  - 'embed.nicovideo.jp'
  - '*.youtube.com'
  - '*.youtube-nocookie.com'
  - 'player.twitch.tv'
  - 'clips.twitch.tv'
  - 'player.vimeo.com'
  - 'apis.google.com'
  - 'bandcamp.com'


frame-src:
  - "'self'"
  - '*.miraheze.org'
  - '*.mirabeta.org'
  - '*.wikitide.net'
  - 'www.google.com'
  - 'docs.google.com'
  - 'apis.google.com'
  - 'web.libera.chat'
  - 'snap.berkeley.edu'
  - '*.youtube-nocookie.com'
  - 'www.youtube.com'
  - 'player.twitch.tv'
  - 'platform.twitter.com'
  - 'discord.com'
  - 'discordapp.com'
  - 'embed.nicovideo.jp'
  - 'syndication.twitter.com'
  - 'open.spotify.com'
  - 'www.gofundme.com'
  - 'archive.org'
  - 'w.soundcloud.com'
  - 'query.wikidata.org'
  - 'player.vimeo.com'
  - 'www.bing.com'
  - 'lucid.app'
  - 'scratch.mit.edu'
  - 'hcaptcha.com'
  - '*.hcaptcha.com'
  - 'bandcamp.com'

connect-src:
  - "'self'"
  - '*.miraheze.org'
  - '*.mirabeta.org'
  - '*.wikitide.net'
  - 'www.wikidata.org'
  - '*.wikipedia.org'
  - 'www.mediawiki.org'
  - '*.wikimedia.org'
  - '*.wikinews.org'
  - '*.wiktionary.org'
  - 'cdn.jsdelivr.net'
  - 'storage.googleapis.com'
  - '*.youtube-nocookie.com'
  - 'hcaptcha.com'
  - '*.hcaptcha.com'
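
An added example, not Miraheze's own code: iframes are governed by the frame-src list above, so this checks a URL against it before the iframe is built and validates the values substituted into the Discord widget URL. It assumes the wiki is served over HTTPS and that server IDs are numeric; `FRAME_SRC` (an excerpt of the list on this page), `isFrameAllowed`, `discordWidgetAttrs` and `pageOrigin` are hypothetical names.

```javascript
// Excerpt of the frame-src list shown on this page (not the full list).
var FRAME_SRC = [
  "'self'", '*.miraheze.org', '*.youtube-nocookie.com', 'www.youtube.com',
  'discord.com', 'discordapp.com', 'player.vimeo.com'
];

// CSP host-source matching for entries without scheme, port or path:
// '*.example.org' matches any subdomain but not example.org itself.
function hostMatches(source, host) {
  source = source.toLowerCase();
  if (source.startsWith('*.')) {
    return host.endsWith(source.slice(1)); // slice keeps the leading dot
  }
  return host === source;
}

// pageOrigin is an assumption: the HTTPS origin of the wiki doing the embedding.
function isFrameAllowed(rawUrl, frameSrc, pageOrigin) {
  var url;
  try {
    url = new URL(rawUrl);
  } catch (e) {
    return false; // relative or malformed input is rejected
  }
  // On an HTTPS page a scheme-less source only matches https on the default port.
  if (url.protocol !== 'https:' || url.port !== '') return false;
  return frameSrc.some(function (src) {
    if (src === "'self'") return url.origin === pageOrigin;
    return hostMatches(src, url.hostname);
  });
}

// Returns the iframe attributes, or null if the parameters are not plain
// numbers or the resulting URL would be blocked by frame-src.
function discordWidgetAttrs(serverId, width, height, pageOrigin) {
  if (!/^\d+$/.test(String(serverId))) return null;
  if (!Number.isInteger(width) || width <= 0) return null;
  if (!Number.isInteger(height) || height <= 0) return null;
  var src = 'https://discord.com/widget?id=' + serverId + '&theme=dark';
  if (!isFrameAllowed(src, FRAME_SRC, pageOrigin)) return null;
  return {
    src: src, width: width, height: height, frameborder: '0',
    sandbox: 'allow-popups allow-popups-to-escape-sandbox allow-same-origin allow-scripts'
  };
}
```

On a wiki, a non-null result can be applied with `$( '<iframe>' ).attr( attrs ).appendTo( '#discord-widget' )`, which sets attributes individually instead of concatenating them into an HTML string.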
