]> cat aescling's git repositories - mastodon.git/commitdiff
cat aescling's git repositories / mastodon.git / commitdiff
? search:
summary | shortlog | log | commit | commitdiff | tree
raw | patch | inline | side by side (parent: 30de4e4)
Sandbox toot embeds in the embed modal
authorThibaut Girka <thib@sitedethib.com>
Mon, 17 Dec 2018 20:42:18 +0000 (21:42 +0100)
committerThibG <thib@sitedethib.com>
Mon, 17 Dec 2018 21:22:29 +0000 (22:22 +0100)
It should not be necessary thanks to our Content Security Policy, but best
be sure in case a server's CSP is incorrect. Also, avoids a CSP warning about
loading remote scripts.

app/javascript/flavours/glitch/features/ui/components/embed_modal.js patch | blob | history

diff --git a/app/javascript/flavours/glitch/features/ui/components/embed_modal.js b/app/javascript/flavours/glitch/features/ui/components/embed_modal.js
index f3553f4a9fb17ede9277a8edff765315120d9d73..bf29b0da5d87246da8a5dd3b70cba01c436dbf23 100644 (file)
--- a/app/javascript/flavours/glitch/features/ui/components/embed_modal.js
+++ b/app/javascript/flavours/glitch/features/ui/components/embed_modal.js
@@ -74,6 +74,7 @@ export default class EmbedModal extends ImmutablePureComponent {
             className='embed-modal__iframe'
             frameBorder='0'
             ref={this.setIframeRef}
+            sandbox='allow-same-origin'
             title='preview'
           />
         </div>
source code fur Kibicat Mastodon