_Bastler/partey_workadventure
1
0
Fork 0
Code Issues Pull Requests Projects Releases Wiki Activity

Fixed potential injection by switching map container to PHP

Browse Source 
Some HTML files were importing iframe_api.js automatically by detecting the referrer document.

While this was done in a safe way (the map container does not use cookies), it is not
a best practice to load a script originating from document.referrer.

This PR solves the issue by using PHP to inject the correct domain name in the HTML files.
This commit is contained in:
David Négrier
2021-11-29 19:05:13 +01:00
parent 233c3d1abe
commit 41fd848fa0
27 changed files with 167 additions and 204 deletions
Download Patch File Download Diff File Expand all files Collapse all files
maps/tests/Metadata/cowebsiteAllowApi.js
+1 -1
View File
@@ -1 +1 @@
WA.nav.openCoWebSite("cowebsiteAllowApi.html", true, "");
WA.nav.openCoWebSite("cowebsiteAllowApi.php", true, "");