feat: allow embed share view into iframe (#257)

.gitpod.yml

@@ -1,3 +1,3 @@
 tasks:
-  - init: yarn install
-    command: yarn workspace nextjs-app run dev -p 3000
+  - init: pnpm install
+    command: make sqlite-mode && cd apps/nestjs-backend && pnpm dev

apps/nestjs-backend/src/share-db/share-db-permission.service.ts

@@ -138,7 +138,6 @@ export class ShareDbPermissionService {
     // view share permission validation
     const shareId = context.agent.custom.shareId;
     if (shareId && isShareViewResourceDoc(docType as IdPrefix)) {
-      console.log('context.snapshots === ', context.snapshots);
       const error = await this.checkReadViewSharePermission(
         shareId,
         context.collection,

apps/nextjs-app/src/pages/share/[shareId]/view/index.tsx

@@ -5,10 +5,14 @@ import { ssrApi } from '@/backend/api/rest/table.ssr';
 import type { IShareViewPageProps } from '@/features/app/blocks/share/view/ShareViewPage';
 import { ShareViewPage } from '@/features/app/blocks/share/view/ShareViewPage';
 
-export const getServerSideProps: GetServerSideProps<IShareViewPageProps> = async (context) => {
-  const { shareId } = context.query;
-  const req = context.req;
+export const getServerSideProps: GetServerSideProps<IShareViewPageProps> = async ({
+  res,
+  req,
+  query,
+}) => {
+  const { shareId } = query;
   try {
+    res.setHeader('Content-Security-Policy', "frame-ancestors 'self' *;");
     ssrApi.axios.defaults.headers['cookie'] = req.headers.cookie || '';
     const shareViewData = await ssrApi.getShareView(shareId as string);
     return {