on third-party sites. * * Usage: */ require_once __DIR__ . '/includes/db.php'; $slug = trim($_GET['v'] ?? ''); $video = $slug ? get_video_by_slug($slug) : null; if ($video) { $video['view_count'] = increment_video_view_count((int)$video['id']); } // Determine absolute base URL for media files. // We need absolute URLs here because the embed lives on a foreign domain. $scheme = (!empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off') ? 'https' : 'http'; $host = $_SERVER['HTTP_HOST'] ?? 'localhost'; $script = dirname($_SERVER['SCRIPT_NAME'] ?? '/'); $script = rtrim($script, '/'); $base_url = $scheme . '://' . $host . $script . '/'; // e.g. https://tyclifford.com/live/ $player_sources = []; if ($video && !empty($video['sources'])) { foreach ($video['sources'] as $source) { $player_source = source_player_data($source, public_absolute_url(public_media_url())); if ($player_source) $player_sources[] = $player_source; } } $primary_player_source = $player_sources[0] ?? null; $native_player_sources = []; foreach ($player_sources as $player_source) { if (($player_source['kind'] ?? '') !== 'iframe') $native_player_sources[] = $player_source; } // X-Frame-Options: allow embedding from any origin. // If you want to restrict, change ALLOWALL to SAMEORIGIN or remove for CSP header instead. header('X-Frame-Options: ALLOWALL'); header('Content-Security-Policy: frame-ancestors *'); ?>
= $slug ? 'video not found' : 'no video specified' ?>