blitzwing/cryptpad
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Fix loading resources using sandbox domain from outer #1472

Browse source
This commit is contained in:
yflory 2024-04-17 14:50:32 +02:00
parent 2bd8ff8f23
commit a3f80b60b0
1 changed files with 9 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

9
lib/http-worker.js
View file

@ -161,6 +161,15 @@ var setHeaders = function (req, res) {
}
var h = getHeaders(Env, type);
// XXX Allow main domain to load resources from the sandbox URL
// We can restrict this to onlyoffice fonts if we find a security issue with this
if (!Env.enableEmbedding && req.get('origin') === Env.httpUnsafeOrigin) {
//if (/^\/common\/onlyoffice\/dist\/.*\/fonts\/.*/.test(req.url)) {
h['Access-Control-Allow-Origin'] = Env.httpUnsafeOrigin;
//}
}
applyHeaderMap(res, h);
};