Make the header for embedded unauthorized render an h3

fixes LF-618
flag=none

Test plan:
- Access a page you have no access to
- Check that the unauthorized message
  appears with the usual H1 (only one
  in the page).
- Access a page which you do have acces
  to, with a media you don't.
- Check that the unauthorized message
  inside the iframe uses an H3 and not
  an H1.

Change-Id: I0fc9bebf786eaef9f93b9d3dc73b18d8211c315c
Reviewed-on: https://gerrit.instructure.com/c/canvas-lms/+/326323
Tested-by: Service Cloud Jenkins <svc.cloudjenkins@instructure.com>
Reviewed-by: Juan Chavez <juan.chavez@instructure.com>
Reviewed-by: Mysti Lilla <mysti@instructure.com>
QA-Review: Mysti Lilla <mysti@instructure.com>
Product-Review: Luis Oliveira <luis.oliveira@instructure.com>

app/views/shared/unauthorized.html.erb

@@ -32,7 +32,11 @@
       <h1><%= t('headings.unpublished', %{Not Yet Available}) %></h1>
     <% else %>
       <img class="ic-Error-img" role="presentation" alt="" aria-hidden="true" src="/images/401_permissions.svg">
-      <h1><%= t("Access Denied") %></h1>
+      <% if request.query_parameters[:embedded] %>
+        <h3><%= t("Access Denied") %></h3>
+      <% else %>
+        <h1><%= t("Access Denied") %></h1>
+      <% end %>
     <% end %>
     <% if @unauthorized_message %>
       <p><%= @unauthorized_message %></p>

spec/views/shared/unauthorized.html.erb_spec.rb

@@ -26,5 +26,17 @@ describe "shared/unauthorized" do
     view_context
     render "shared/unauthorized"
     expect(response).not_to be_nil
+    page = Nokogiri(response.body)
+    expect(page.css("h1").first).not_to be_nil
+  end
+
+  it "renders embedded with proper headers" do
+    course_with_student
+    view_context
+    controller.request.query_parameters[:embedded] = true
+    render "shared/unauthorized"
+    page = Nokogiri(response.body)
+    expect(page.css("h3").first).not_to be_nil
+    expect(page.css("h1").first).to be_nil
   end
 end