A member of mine posted this Facebook link standalone, and Discourse tried to parse it and it didn’t fly.

Let me try that same link right on its own line:

Just in case you don’t see it above, this is what’s displayed:

image1180×926 16.7 KB

The problem also shows up with a few adult sites where members were trying to share links; I did a quick test where I pasted a bunch of video URLs from different places several of the major adult sites also do not work.

This seems like a relatively serious bug, only in that it impacts embeds for Facebook. My (less-tech-savvy) members like to share links to things on Facebook in part because it’s so popular and universal. Plus, if someone posts that URL to a message, it gets parsed into something that doesn’t work, and the original URL is gone. So you can’t even go to that URL if you wanted to… it’s not available at all any longer.

So… is it possible to tell Discourse to NOT try to auto-embed videos at those domains? I was looking for a setting like ‘blacklist URLs with these words from embedding media’ where I could add those domains. (Or perhaps a whitelist of approved URLs like youtube and vimeo, to help head off future issues with new sites.)

If not that, is there a quick fix I can do on my forums to help?

Firefox (desktop)

Here on my desktop, using Firefox 75 on the Mac… I get the grey fail box.

image1874×992 91.9 KB

Safari (desktop)

Here on Safari, the first frame of the video shows, but when you click the “play” button, nothing happens.

image1578×746 196 KB

Chrome (desktop)

Using Chrome v81 on Mac desktop… same thing… you see the video but it never plays.

image1936×908 254 KB

iPhone - Safari iOS

Same as Chrome or Safari (desktop)… the video appears but won’t play.

image1242×2688 475 KB

Discourse doesn’t support Facebook videos onebox officially.

You might want to look at:

Can we replace the onebox output so that it doesn’t create a broken player? I guess we should make it work like it did before

image1242×2208 366 KB

Yes, I would say that is critical. It’s not a big deal to me if Discourse doesn’t support Facebook video. It’s a big deal to me when a member pastes a link (hardly unusual) and it produces an error message… and the original link is gone. I have several messages like this in my forum now. Us admins are manually fixing them as we see this but obviously that’s not a great solution.

I believe this is a serious bug, only in that Facebook (along with other videos sites I’ve tested it with) is wildly popular.

I would love to figure out a quick fix… let me know if I can help?

The quickest fix here would be to add www.facebook.com to the setting: onebox domains blacklist. That way onebox will not try to embed facebook.com videos.

What changed here is that Facebook updated OpenGraph metadata to add video links that are too restricted:

<meta property="og:video:secure_url" content="https://video.fjai1-2.fna.fbcdn.net/v/t42.9040-2/10000000_626864624535070_4779621138076532736_n.mp4?_nc_cat=107&amp;_nc_sid=985c63&amp;efg=eyJybHIiOjM1MiwicmxhIjoxMzI5LCJ2ZW5jb2RlX3RhZyI6InN2ZV9zZCJ9&amp;_nc_oc=AQkUihmrvyg1wU9qH_NjqkLUzl0XSYJGE6JREtPH7jxKc1aXEIuGLSbauCEPM-hI-DCuJRacr1hCB6HHZre1lxto&amp;rl=352&amp;vabr=196&amp;_nc_ht=video.fjai1-2.fna&amp;oh=3fd1d5e14f27d55bc0d2a91d4714148b&amp;oe=5EA6E533" />

The above video link shows error: Bad URL timestamp.

Even the link in og:image tag shows same error.

We don’t have any info to show on Facebook onebox except the video title. I think we should hardcode onebox to blacklist Facebook video links.

Excellent, thank you… that’s perfect.

BTW a reminder that this happens on other sites besides Facebook; a member tried to post a link to a video page on xvideos.com and it failed as well. (NSFW warning! That is VERY MUCH an adult site!) I tested it with a handful of other sites and found the same.

For facebook, can we take the twitter:player attribute and use it for an iframe? It seems to be a non-expiring URL:

Screenshot 2020-04-27 at 12.26.422316×96 39.6 KB

(There is so much irony in Facebook serving broken opengraph data, but working twitter data )

Or alternatively, apply the same logic as instagram. Show a large thumbnail with a button, which is linked.

I did try that and got broken links for twitter:image and twitter:player tags. Do they work for you?

On @pnoeric’s example video I see

<meta name="twitter:player" content="https://www.facebook.com/plugins/video.php?height=222&width=400&href=https://www.facebook.com/dccarmen/videos/10222567743521148/">

Which seems to work ok.

But if you found some which are broken, then we should probably avoid it

For that same link I am seeing:

https://www.facebook.com/plugins/video.php?height=222&width=400&href=https://www.facebook.com/dccarmen/videos/10222567743521148/

Notice & that is breaking the URL… changing that to & does the trick. So yeah, we can work around it.

twitter:image links are still broken (here’s an example).

So we have two options here:

1. use twitter:player links to embed facebook video
2. blacklist facebook videos in onebox and show them as normal links

Which one do you prefer @codinghorror?

We can try this but are we sure the links don’t expire?

I don’t think the link will expire because the URL is basically pointing at a facebook plugin that will embed video for whatever video link we pass in href parameter.

https://www.facebook.com/plugins/video.php?height=222&width=400&href=https://www.facebook.com/dccarmen/videos/10222567743521148/

So we can use iframe to embed the facebook video.

No the fix will be specific to Facebook.

Note that the failing video onebox usually indicates that the error is in the site you are trying to embed. In case of Facebook, it was Facebook being too restrictive and allowing video playback for a certain time only.

We usually work around these errors only for sites that are very popular (example: Instagram) so that the wider community can reap the benefits. If the site is not popular and you need to embed them on your site then the recommended way is to create a custom plugin adding custom Onebox engine for that site.

Ok.

Hmm. Is there a way to whitelist domains that onebox will try to embed? If not, it seems like we have this situation:

1. I run a community forum where members like to link to sites with videos. (These could be any sites, of course… we don’t know right now.)

2. If a site has an error in their code that prevent embedding from working, Discourse mangles the embed (ugly), and worse yet, removes the original URL so others can’t see what the OP was trying to share.

Doesn’t it seem like step 2 should be “If a site has an error in their code that prevent embedding from working, Discourse stops trying to embed and instead just lets the link pass through?”

I can’t fix this with the blacklist because I don’t know what domains are impacted by this, and of course, any site could have this issue in the future. Just like we saw here with Facebook.

Sure you can fix it — just blacklist the domains you observe problems with. This isn’t some impossibility.

Ok, that’s fine. I don’t have a great sense of how much of a problem this is; manually handling them is a great solution if there aren’t many domains with this problem.

I still think Discourse should handle malformed external data in a more graceful way besides “create giant error message and remove the most important content from the OP’s post”-- and I think you probably do too. But for now blacklisting is an acceptable workaround. Thank you.