Fix loading resources using sandbox domain from outer #1472
This commit is contained in:
parent
2bd8ff8f23
commit
a3f80b60b0
1 changed files with 9 additions and 0 deletions
|
@ -161,6 +161,15 @@ var setHeaders = function (req, res) {
|
|||
}
|
||||
|
||||
var h = getHeaders(Env, type);
|
||||
|
||||
// XXX Allow main domain to load resources from the sandbox URL
|
||||
// We can restrict this to onlyoffice fonts if we find a security issue with this
|
||||
if (!Env.enableEmbedding && req.get('origin') === Env.httpUnsafeOrigin) {
|
||||
//if (/^\/common\/onlyoffice\/dist\/.*\/fonts\/.*/.test(req.url)) {
|
||||
h['Access-Control-Allow-Origin'] = Env.httpUnsafeOrigin;
|
||||
//}
|
||||
}
|
||||
|
||||
applyHeaderMap(res, h);
|
||||
};
|
||||
|
||||
|
|
Loading…
Reference in a new issue