Cleanup after investigation

FlowFuse · Jun 3, 2024 · f9fab17 · f9fab17
1 parent e6c0d9b
commit f9fab17
Show file tree

Hide file tree

Showing 2 changed files with 2 additions and 7 deletions.
diff --git a/lib/runtimeSettings.js b/lib/runtimeSettings.js
@@ -325,15 +325,11 @@ module.exports = {
         ui: true
     },
     httpAdminMiddleware: function(req,res,next) {
-        res.set("Content-Security-Policy", "frame-ancestors 'self' *.flowforge.cloud *.flowfuse:* *.flowforge:*");
-        res.set("X-Frame-Options", "allow-from *.flowforge.cloud *.flowfuse:* *.flowforge:*");
+        res.set("Content-Security-Policy", "frame-ancestors 'self' ${settings.forgeURL}");
         next()
     }
 }
 `
-    // todo ^^ the httpAdminMiddleware runtime config allows the editor to be embedded in an iframe on the forge site
-    //  both headers are required for legacy browsers and best practice
-    //  pf course, they should not be hardcoded, a better solution would be to allow the ff app to set these headers
     return settingsTemplate
 }
 

diff --git a/lib/theme/common/forge-common.js b/lib/theme/common/forge-common.js
@@ -26,8 +26,7 @@
                 navigateTo(url)
             })
     }
-    // todo remove later
-    document.cookie = 'regularCookie=dontMindMe;'
+
     function changeFavicon (src) {
         const link = document.createElement('link')
         const oldLink = $('link[href="favicon.ico"]')[0] || $('#dynamic-favicon"]')[0]