// Return a response instead of a render array so that the frame content
// will not have all the blocks and page elements normally rendered by
// Drupal.
$response =
new HtmlResponse('', HtmlResponse::HTTP_OK,
[ 'Content-Type' => 'text/html; charset=UTF-8',
]);
$response->
addCacheableDependency(Url::
createFromRequest($request));
try { $resource_url =
$this->urlResolver->
getResourceUrl($url,
$max_width,
$max_height);
$resource =
$this->resourceFetcher->
fetchResource($resource_url);
$placeholder_token = Crypt::
randomBytesBase64(55
);
// Render the content in a new render context so that the cacheability
// metadata of the rendered HTML will be captured correctly.
$element =
[ '#theme' => 'media_oembed_iframe',
'#resource' =>
$resource,
// Even though the resource HTML is untrusted, IFrameMarkup::create()
// will create a trusted string. The only reason this is okay is