From 95dc8aeae8069ad587a6736aace5416164715a8d Mon Sep 17 00:00:00 2001 From: =?UTF-8?q?Thomas=20M=C3=BCller?= <1005065+DeepDiver1975@users.noreply.github.com> Date: Mon, 29 Apr 2024 11:41:10 +0200 Subject: [PATCH] feat: remove allow-same-origin from iframe sandbox --- packages/web-app-draw-io/src/App.vue | 3 ++- packages/web-app-external/src/App.vue | 4 ++-- vite.config.ts | 3 ++- 3 files changed, 6 insertions(+), 4 deletions(-) diff --git a/packages/web-app-draw-io/src/App.vue b/packages/web-app-draw-io/src/App.vue index 90e1f91906e..e2630ed1f22 100644 --- a/packages/web-app-draw-io/src/App.vue +++ b/packages/web-app-draw-io/src/App.vue @@ -4,7 +4,7 @@ ref="drawIoEditor" :src="iframeSource" :title="$gettext('Draw.io editor')" - sandbox="allow-scripts allow-same-origin" + sandbox="allow-scripts" /> @@ -73,6 +73,7 @@ export default defineComponent({ stealth: 1, spin: 1, proto: 'json', + mode: 'ocis', ui: unref(config).theme }) diff --git a/packages/web-app-external/src/App.vue b/packages/web-app-external/src/App.vue index 2f149e1a090..f94e070e875 100644 --- a/packages/web-app-external/src/App.vue +++ b/packages/web-app-external/src/App.vue @@ -5,7 +5,7 @@ class="oc-width-1-1 oc-height-1-1" :title="iFrameTitle" allowfullscreen - sandbox="allow-scripts allow-same-origin" + sandbox="allow-scripts" />
@@ -19,7 +19,7 @@ class="oc-width-1-1 oc-height-1-1" :title="iFrameTitle" allowfullscreen - sandbox="allow-scripts allow-same-origin" + sandbox="allow-scripts" />
diff --git a/vite.config.ts b/vite.config.ts index 4d4112a6e94..d190e5c0f2b 100644 --- a/vite.config.ts +++ b/vite.config.ts @@ -135,6 +135,7 @@ export default defineConfig(({ mode, command }) => { }) } + const host = process.env.OWNCLOUD_WEB_HOST || 'host.docker.internal' return mergeConfig( { base: '', @@ -162,7 +163,7 @@ export default defineConfig(({ mode, command }) => { target: browserslistToEsbuild() }, server: { - host: 'host.docker.internal', + host: host, strictPort: true }, css: {