Commit Graph

4 Commits

Author SHA1 Message Date
Hanusiak Piotr
99ffb7b450 merged develop 2021-12-15 15:23:21 +01:00
David Négrier
41fd848fa0 Fixed potential injection by switching map container to PHP
Some HTML files were importing iframe_api.js automatically by detecting the referrer document.

While this was done in a safe way (the map container does not use cookies), it is not
a best practice to load a script originating from document.referrer.

This PR solves the issue by using PHP to inject the correct domain name in the HTML files.
2021-11-29 19:05:13 +01:00
Benedicte Quimbert
99dfd77600 WIP API updates for tutorial and more 2021-11-25 10:55:54 +01:00
David Négrier
6b9b999996 Making embedded iframes scriptable using the WA.room.website namespace. 2021-08-05 12:37:05 +02:00