Add allow-presentation permission to iframe sandbox permissions

This commit is contained in:
Richard Lewis 2017-07-28 11:14:04 +01:00
parent 11335b1488
commit aff1cd9469

View file

@ -182,7 +182,7 @@ export default React.createClass({
// hosted on the same origin as the client will get the same access as if you clicked // hosted on the same origin as the client will get the same access as if you clicked
// a link to it. // a link to it.
const sandboxFlags = "allow-forms allow-popups allow-popups-to-escape-sandbox "+ const sandboxFlags = "allow-forms allow-popups allow-popups-to-escape-sandbox "+
"allow-same-origin allow-scripts"; "allow-same-origin allow-scripts allow-presentation";
const parsedWidgetUrl = url.parse(this.state.widgetUrl); const parsedWidgetUrl = url.parse(this.state.widgetUrl);
let safeWidgetUrl = ''; let safeWidgetUrl = '';
if (ALLOWED_APP_URL_SCHEMES.indexOf(parsedWidgetUrl.protocol) !== -1) { if (ALLOWED_APP_URL_SCHEMES.indexOf(parsedWidgetUrl.protocol) !== -1) {