(Feature request) Using <iframe /> to include content from external sites

[dousha]

Describe feature

As of 0.51-latest, the server (both the dedicated server and local setup) would ask for COEP compliance for external resources. Most sites don't have COEP compliance thus <iframe>s embedding them would refuse to load.

Is there an environment variable or configuration that controls the behaviour of the COEP header?

Additional Information

Some sites allow you to share multimedia resources via embedding them using an <iframe>. However, it seems impossible to do so in 0.51-latest since the server (both the dedicated server instance and local setup) asks for COEP. Most sites don't have COEP compliance so the <iframe>s refuses to load.

It is not considered practical to download all the resources and upload them to the hosting server (since some are hour-long videos and I only have a limited storage space on the server); nor is it practical to embed them with <video> or <audio> tags since the resource might be segmented or requires some special sauce to load properly. I don't have copyrights to most of these resources so re-hosting them elsewhere where I can embed them as objects may get me into legal troubles.

I have considered removing COEP header from the server with Nginx but tampering with the response header with proxy_pass requires additional setups that aren't trivial.

It sure would be nice if sites are compliant with COEP. But it seems to be a relatively new standard that even Google services (to be more specific, YouTube) are not supporting them properly. The error message for <iframe>s refusing to load because of COEP is also very confusing. It would be nice if the COEP header is not mandatory but an option that can be turned off if the user knows what they are doing.

[zadam]

Hi, I disabled COEP. It's not that easy to use iframes in Trilium (at least AFAIK), so the assumption is that user knows what they are doing. This will be in 0.52, first beta coming soon.