Why can’t I upload H5P content?

One of the goals of H5P is to make sharing your content easy. A common way to do that is to download content via the Reuse button right underneath the content and then to upload it on some other H5P enabled platform. That’s it. In some cases, this may fail however. You might see a message similar to this one:

H5P Hub showing the error message: "Validating h5p package failed. Missing required library H5P.CombinationLock 1.0"

Before explaining that cryptic message (that may not be that cryptic using Moodle’s custom H5P integration by the way), let me share the (most likely) solution: One of the platform’s admins will need to upload that file for you.

Feel free to point your admins to the following explanation. It may answer some questions that they may have. But also please feel invited to read it yourself! I am going to try avoid to too much tech-speak.

What happens when I upload H5P content?

By design, H5P content files contain everything that an H5P enabled platform will need to run the content:

  • the “parameters” that you entered in the editor (e. g. some task description text or having checked a checkbox or not,
  • the media that you may have uploaded (e. g. images or audio files),
  • a package definition file that tells the platform what pieces of JavaScript code (called libraries) the platform requires to run the content, and
  • the aforementioned pieces of JavaScript code themselves.

Among a couple of other things, the H5P platform will check if it already has all the H5P libraries that the content needs. If some are missing, then H5P will try to install those from the H5P content file that you are trying to upload. And here’s where things can go south.

You may not be allowed to install H5P libraries – neither those that are completely new nor newer versions of existing ones. That’s a security measure. Admins try to keep the platform free from malicious code, and therefore they tend to be cautious. They should not allow anyone to install arbitrary JavaScript code to the platform, and that’s essentially what happens if you install H5P libraries. Sure, H5P content that you obtain from trustworthy sites should be fine. But it’s really not rocket science to create H5P content with customized libraries that could compromise a platform – and even spread from there. An extra layer of security is planned to be put in place (using checksums for “official” H5P libraries), but I don’t know when that will be done.

If you are allowed to install H5P libraries and you are uploading H5P content with some libraries that are not on the platform yet, then they will be installed. The content that you uploaded can then be run on that platform. Also, you will be able to create new content that may require this library. So, uploading H5P content is also a way to install new content types next to using the H5P Hub directly or Moodle’s scheduled task designated for that purpose: \core\task\h5p_get_content_types_task.

Who is allowed to install new H5P libraries?

It depends on the H5P integration that you are using, e.g. one of the plugins or Lumi.

Some H5P integrations may simply give you all the rights. The Lumi desktop application is one of them. You are your own boss and you are responsible for what you install. Keep in mind that even though there’s virtually nothing that could happen on Lumi for desktop if you installed some H5P content that was tampered with, you might still spread the infection with your content.

Other platforms such as Moodle or WordPress offer user role management features, and the H5P plugins for the respective platform support those features. Admins can assign particular rights (also called capabilities) to particular users or groups of users. Or they can withhold such rights. For instance, a student most often would not be allowed to create courses on Moodle.

One of those capabilities is dedicated to installing or updating H5P libraries. Admins should have that right automatically. They can also give it to others if appropriate. Here’s the capabilities’ name that they might want to check for:

  • hvp:updatelibraries (H5P plugin for moodle)
  • h5p:updatelibraries (Moodle’s custom H5P integration in Moodle core)
  • manage_h5p_libraries (WordPress)
  • H5P -> Update libraries (Drupal 7)
  • Update H5P libraries (Drupal 8/9)

Side note: Yes, WordPress supports user role management, too. It doesn’t ship with a respective editor though which would allow admins to change the default settings. It is required to use some additional plugin for that job, e. g. User Role Editor.