Update UIWindow.js

Nariman Jelveh 2024-09-03 14:24:58 -04:00
parent 8e56ac5ec7
commit 57c2d72e21


@ -313,6 +313,9 @@ async function UIWindow(options) {
style="${!options.has_head ? ' height: 100%;' : ''}">`;
// iframe, for apps
if(options.iframe_url || options.iframe_srcdoc){
let allow_str = `camera; encrypted-media; gamepad; display-capture; geolocation; gyroscope; microphone; midi; clipboard-read; clipboard-write; fullscreen;`;
if(window.co_isolation_enabled)
allow_str += ' cross-origin-isolated;';
// <iframe>
// Important: we don't allow allow-same-origin when iframe_srcdoc is used because this would allow the iframe to access the parent window's DOM, localStorage, etc.
// this is a security risk and must be avoided.
@ -323,14 +326,13 @@ async function UIWindow(options) {
${options.iframe_url ? 'src="'+ html_encode(options.iframe_url)+'"' : ''}
${options.iframe_srcdoc ? 'srcdoc="'+ html_encode(options.iframe_srcdoc) +'"' : ''}
${window.co_isolation_enabled
? 'credentialless allow="cross-origin-isolated" '
? 'credentialless '
: ''
}
allow = "accelerometer; camera; encrypted-media; gamepad; display-capture; geolocation; gyroscope; microphone; midi; clipboard-read; clipboard-write; fullscreen;"
allow = "${allow_str}"
allowtransparency="true"
allowpaymentrequest="true"
allowfullscreen="true"
allow="microphone"
webkitallowfullscreen="webkitallowfullscreen"
mozallowfullscreen="mozallowfullscreen"
sandbox="allow-forms allow-modals allow-pointer-lock allow-popups allow-popups-to-escape-sandbox ${options.iframe_srcdoc ? '' : 'allow-same-origin'} allow-scripts allow-top-navigation-by-user-activation allow-downloads allow-presentation allow-storage-access-by-user-activation"></iframe>`;
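Review bot: `allow_str` delegates camera, microphone, geolocation, display-capture and clipboard-read to every app iframe unconditionally, whichever app is loaded and whether it comes from `iframe_url` or `iframe_srcdoc`. Now that the list is assembled in a variable ahead of the template, it could be built from whatever per-app permission data the caller has (none is visible in these hunks), so an app receives only the features it declared. Separately, the new string no longer contains `accelerometer`, which the old inline `allow` attribute had. If that is intentional, a comment next to `allow_str` such as `// accelerometer is deliberately not delegated to app iframes` would record it; otherwise it should be restored. The enclosing `UIWindow` function starts and ends outside these hunks, so any later handling of the attribute is not visible here.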