(feat): Introduce new lightweight app for video player that allows to show in iframe

Summary

Context:

I'm trying to embed Minds videos on my external pages using the minds-supplied code from the Minds "Share" link.

When I try in Chrome I get an empty frame with the text: "www.minds.com refused to connect." Firefox simply gives an empty area the size of the iframe.

Running developer tools on Chrome and looking at the console, I see the following error: Refused to display 'xxxxxx' in a frame because it set 'X-Frame-Options' to 'deny'.

The issue here after discussing with @edgebal seems to be that a recent security change to prevent click-jacking, has broken video embedding.

Steps to reproduce

(How one can reproduce the issue - this is very important)

Platform information

Windows 10, Chrome and Firefox lastest versions

What is the current bug behavior?

Video cannot be embedded

What is the expected correct behavior?

We should ideally find a solution where we can mitigate the risk of click-jacking, whilst also allowing video embedding.

Relevant logs and/or screenshots

(Paste any relevant logs - please use code blocks (```) to format console output, logs, and code as it's very hard to read otherwise.)

Possible fixes

Mark has mentioned that this could potentially be solved by either splitting the embedded links off onto a subdomain, or we may be able to remove the header for a specific endpoint.