mirror of
https://github.com/HeyPuter/puter
synced 2024-11-14 14:03:42 +00:00
Update UIWindow.js
This commit is contained in:
parent
8e56ac5ec7
commit
57c2d72e21
@ -313,6 +313,9 @@ async function UIWindow(options) {
|
||||
style="${!options.has_head ? ' height: 100%;' : ''}">`;
|
||||
// iframe, for apps
|
||||
if(options.iframe_url || options.iframe_srcdoc){
|
||||
let allow_str = `camera; encrypted-media; gamepad; display-capture; geolocation; gyroscope; microphone; midi; clipboard-read; clipboard-write; fullscreen;`;
|
||||
if(window.co_isolation_enabled)
|
||||
allow_str += ' cross-origin-isolated;';
|
||||
// <iframe>
|
||||
// Important: we don't allow allow-same-origin when iframe_srcdoc is used because this would allow the iframe to access the parent window's DOM, localStorage, etc.
|
||||
// this is a security risk and must be avoided.
|
||||
@ -323,14 +326,13 @@ async function UIWindow(options) {
|
||||
${options.iframe_url ? 'src="'+ html_encode(options.iframe_url)+'"' : ''}
|
||||
${options.iframe_srcdoc ? 'srcdoc="'+ html_encode(options.iframe_srcdoc) +'"' : ''}
|
||||
${window.co_isolation_enabled
|
||||
? 'credentialless allow="cross-origin-isolated" '
|
||||
? 'credentialless '
|
||||
: ''
|
||||
}
|
||||
allow = "accelerometer; camera; encrypted-media; gamepad; display-capture; geolocation; gyroscope; microphone; midi; clipboard-read; clipboard-write; fullscreen;"
|
||||
allow = "${allow_str}"
|
||||
allowtransparency="true"
|
||||
allowpaymentrequest="true"
|
||||
allowfullscreen="true"
|
||||
allow="microphone"
|
||||
webkitallowfullscreen="webkitallowfullscreen"
|
||||
mozallowfullscreen="mozallowfullscreen"
|
||||
sandbox="allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox ${options.iframe_srcdoc ? '' : 'allow-same-origin'} allow-scripts allow-top-navigation-by-user-activation allow-downloads allow-presentation allow-storage-access-by-user-activation"></iframe>`;
|
||||
|
Loading…
Reference in New Issue
Block a user