Adjusting public display of statuses to look similar to logged-in UI,

fix #361 with rich OEmbed display via iframe, fix #237 by hiding sensitive
content behind a spoiler on public pages

app/controllers/api/oembed_controller.rb

@@ -5,8 +5,8 @@ class Api::OembedController < ApiController
 
   def show
     @stream_entry = stream_entry_from_url(params[:url])
-    @width        = [300, params[:maxwidth].to_i].max
-    @height       = [200, params[:maxheight].to_i].max
+    @width        = params[:maxwidth].present?  ? params[:maxwidth].to_i  : 400
+    @height       = params[:maxheight].present? ? params[:maxheight].to_i : 600
   end
 
   private

app/controllers/stream_entries_controller.rb

@@ -9,8 +9,6 @@ class StreamEntriesController < ApplicationController
   before_action :check_account_suspension
 
   def show
-    @type = @stream_entry.activity_type.downcase
-
     respond_to do |format|
       format.html do
         return gone if @stream_entry.activity.nil?
@@ -27,7 +25,7 @@ class StreamEntriesController < ApplicationController
 
   def embed
     response.headers['X-Frame-Options'] = 'ALLOWALL'
-    @type = @stream_entry.activity_type.downcase
+    @external_links = true
 
     return gone if @stream_entry.activity.nil?
 
@@ -46,6 +44,7 @@ class StreamEntriesController < ApplicationController
 
   def set_stream_entry
     @stream_entry = @account.stream_entries.find(params[:id])
+    @type         = @stream_entry.activity_type.downcase
   end
 
   def check_account_suspension