From f9fab17ce1a7c9a7259577e7d6ea686d32a49245 Mon Sep 17 00:00:00 2001
From: cstns
Date: Fri, 31 May 2024 13:26:11 +0300
Subject: [PATCH] Cleanup after investigation

---
 lib/runtimeSettings.js | 6 +-----
 lib/theme/common/forge-common.js | 3 +--
 2 files changed, 2 insertions(+), 7 deletions(-)

diff --git a/lib/runtimeSettings.js b/lib/runtimeSettings.js
index e95530f..540aab6 100644
--- a/lib/runtimeSettings.js
+++ b/lib/runtimeSettings.js
@@ -325,15 +325,11 @@ module.exports = {
 ui: true
 },
 httpAdminMiddleware: function(req,res,next) {
- res.set("Content-Security-Policy", "frame-ancestors 'self' *.flowforge.cloud *.flowfuse:* *.flowforge:*");
- res.set("X-Frame-Options", "allow-from *.flowforge.cloud *.flowfuse:* *.flowforge:*");
+ res.set("Content-Security-Policy", "frame-ancestors 'self' ${settings.forgeURL}");
 next()
 }
 }
 `
- // todo ^^ the httpAdminMiddleware runtime config allows the editor to be embedded in an iframe on the forge site
- // both headers are required for legacy browsers and best practice
- // pf course, they should not be hardcoded, a better solution would be to allow the ff app to set these headers
 return settingsTemplate
 }
diff --git a/lib/theme/common/forge-common.js b/lib/theme/common/forge-common.js
index 8405f97..292a2ae 100644
--- a/lib/theme/common/forge-common.js
+++ b/lib/theme/common/forge-common.js
@@ -26,8 +26,7 @@
 navigateTo(url)
 })
 }
- // todo remove later
- document.cookie = 'regularCookie=dontMindMe;'
+
 function changeFavicon (src) {
 const link = document.createElement('link')
 const oldLink = $('link[href="favicon.ico"]')[0] || $('#dynamic-favicon"]')[0]
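Review bot: In lib/runtimeSettings.js, the added `res.set` line in `httpAdminMiddleware` splices `settings.forgeURL` unchecked into a double-quoted string of the generated settings file. A value that is unset, carries a path, or contains a quote or semicolon would give either a `frame-ancestors` policy that does not match the forge origin or a broken or altered settings file. Reducing it to an origin at templating time covers both cases and fails loudly on a bad value: `res.set("Content-Security-Policy", "frame-ancestors 'self' ${new URL(settings.forgeURL).origin}");`. Since the explanatory todo is deleted, a one-line comment above the header such as `// allow the editor to be framed only by the forge app origin` would keep the intent on record. The enclosing function and the template literal start outside the hunk, so where `settings.forgeURL` comes from and whether it is already validated is not visible here.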