Embedding YouTube videos allowed, EU court rules


Good news for Internet’s most famous kitten (pictured above). European Union has ruled that embedding a copyrighted YouTube video in your site is not copyright infringement (source: torrentfreak). To celebrate this EU victory let’s embed the worlds most popular kitten video:


The kitten’s name is “Atilla Fluff” according to knowyourmeme.com is 6-10 weeks old on the video and the video was recorded in November 2009. In the past years Atilla acquired over 74 million views on YouTube. His popularity makes total sense: Who does not like a video of a very small kitten getting tickled?

If you think that is weird, listen to this: There is a yearly Internet Cat Video Festival, which was recently held for the third time!

Disabling YouTube annotations when embedding

Embedding YouTube videos is great, but annoying annotations may take up important screen estate. Although viewers can click them away it often gives a bad user experience. The above video has some of these annoying annotations. Fortunately I was able to disable them. How? Just add the following parameter to the end of the URL in the embed code (source: vidiseo.com):


The above video is normally embedded with:

<iframe src="//www.youtube.com/embed/0Bmhjf0rKe8?feature=player_embedded"
frameborder="0" width="640" height="360" allowfullscreen></iframe>

And after disabling annotations the embed code is:

<iframe src="//www.youtube.com/embed/0Bmhjf0rKe8?feature=player_embedded&iv_load_policy=3" 
frameborder="0" width="640" height="360" allowfullscreen></iframe>

Alternatively you can embed even better by using not an iframe but a picture and the following code:

<a href="http://www.youtube.com/embed/0Bmhjf0rKe8?feature=player_embedded&iv_load_policy=3">
<img src="http://www.leaseweb.com/labs/img/surprised_kitty_video.jpg" /></a>

This is what we did on the video above and it will fully respect your privacy (where the iframe solution may not).

Enjoy embedding YouTube videos!


@Secure annotation for Symfony 2.3

We created the LswSecureControllerBundle to provide @Secure annotation in Symfony 2.3 to secure actions in controllers by specifying required roles. This functionality was provided by the JMSSecurityExtraBundle, included in Symfony 2.0, 2.1 and 2.2. In  Symfony 2.3 it was removed because of a license incompatibility between Symfony Core and the JMSSecurityExtraBundle. On the official blog Fabien Potencier (author of Symfony) writes:

As the Symfony Standard Edition is under the MIT license, we did not want to have anything else in its deps. That helps people developing GPL projects on top of Symfony. That said, if you are developing your own project, using dependencies under an Apache license should not be a problem at all. So, feel free to add them back. — Fabien Potencier in a response

So, the JMS bundles are no longer included by default and honestly, apart from the license, it is a huge pile of code. Especially as the only feature we use from it, is the @Secure annotation to require roles for executing specific actions in the controllers. Please note that it is not only a beefy bundle, but it also has an impressive set of dependencies:

And don’t get me wrong; I believe the JMSSecurityExtraBundle does a lot of other things that are very valuable and fully justifies its size and its dependencies. I also highly respect Johannes Schmitt for his efforts in the Symfony community and his coding skills. However, if you only need this one feature and want to stay lean (122 lines of code) or if you need a more permissive license, then our bundle is the one for you.

Installation and usage

Figure 1: Symfony 2.3 denying access based on a @Secure annotation

Installation of this bundle is just like any other; details can be found in the README. We will show the usage by providing an example based on the standard Symfony 2.3 AcmeDemoBundle. We use the @Secure annotation in the AcmeDemoBundle to secure the “hello world” page requiring the role “ROLE_TEST” to execute.

In “src/Acme/DemoBundle/Controller/SecuredController.php” you should add the following line on top, but under the namespace definition:

use Lsw\SecureControllerBundle\Annotation\Secure;

To require the “ROLE_TEST” for “helloAction” in the “SecuredController” you should add @Secure annotation to the DocBlock of the “helloAction” like this (line 2):

     * @Secure(roles="ROLE_TEST")
     * @Route("/hello", defaults={"name"="World"}),
     * @Route("/hello/{name}", name="_demo_secured_hello")
     * @Template()
    public function helloAction($name)
        return array('name' => $name);

Note that you can only use the @Secure annotation on actions that are protected by a firewall. You can configure the firewall in the “app/config/security.yml” file.


Creating the bundle would not have been possible without Matthias Noback’s excellent posts:

Thank you Matthias!


We are committed to support this bundle and, as with all our bundles, you can contact us via the LswSecureControllerBundle Github page if you find a bug or want a feature to be added.