Just a quick summary of the options I see to have OEmbed support.
The main issue is that oembed format doesn't necessarily means CORS support, and de facto the main providers (YouTube, Flickr, Vimeo, etc.) doesn't support CORS. Also, at least YouTube doesn't support jsonp (ugly) workaround.
So this means that we can't request them directly from the client.
Here are the options I see:
provide an OEmbed control that rely on a single endpoint OEmbed proxy, which knows how to call then every provider; this proxy can be a third party proxy like EmbedKit
provide an OEmbed control that rely on a proxy, but the mapping "media url"=>"oembed endpoint" is done by this control, so the proxy is blind, which make it much easier to set up when you need control on your stack (not relying on a third party service like EmbedKit for example)
only provide a FakeOEmbed control, which, instead of a matching "media url"=>"oembed endpoint", does a maching "media URL"=>"DOM structure", which basically means creating an iframe for a lot of providers; this solution sounds like a real DRY alert, but I do think in practice it's not that much work to maintain it, and it would be the lighter solution for minislate users
For Ideasbox I've worked on option 2, because I need to have full control of my stack, but I'm not sure it's the best option to have upstream.
What I would suggest, is to provide both option 1 (Oembed dedicated proxy) and 4 (fake oembed), because:
option 4 is the only plug and play option, and it will cover a lot of simple needs
option 1, if made configurable, can cover all the other advanced use cases
Code for option 1 is ready on my side, just need to be cleaned a bit to be more generic and configurable; option 4 is not that much work (let's say we would support only iframe and img in a first iteration), so I can provide a PR for both scenarios if we decide to go this way.
Just a quick summary of the options I see to have OEmbed support. The main issue is that oembed format doesn't necessarily means CORS support, and de facto the main providers (YouTube, Flickr, Vimeo, etc.) doesn't support CORS. Also, at least YouTube doesn't support jsonp (ugly) workaround. So this means that we can't request them directly from the client.
Here are the options I see:
For Ideasbox I've worked on option 2, because I need to have full control of my stack, but I'm not sure it's the best option to have upstream.
What I would suggest, is to provide both option 1 (Oembed dedicated proxy) and 4 (fake oembed), because:
Code for option 1 is ready on my side, just need to be cleaned a bit to be more generic and configurable; option 4 is not that much work (let's say we would support only iframe and img in a first iteration), so I can provide a PR for both scenarios if we decide to go this way.
Thoughts? :)