Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

[stable28] fix: emit allow attribute on iframe for the clipboard (fixes #3474) #3481

Merged
merged 1 commit into from
Feb 20, 2024
Merged

[stable28] fix: emit allow attribute on iframe for the clipboard (fixes #3474) #3481

merged 1 commit into from
Feb 20, 2024

Conversation

backportbot[bot]
Copy link

@backportbot backportbot bot commented Feb 20, 2024

Backport of PR #3475

@vmiklos @backportbot
fix: emit allow attribute on iframe for the clipboard (fixes #3474)
6e29846 
As described at
<https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-permissions-in-cross-origin-iframes>
newer Chrome requires explicit markup for code in an iframe to execute
JS that requires permissions, like clipboard.

If this markup is missing, then the user won't be even asked.  Use the
wildcard syntax, because the COOL JS code in the iframe is not the
initial src attribute value of the iframe, it gets changed later.

With this, a permission popup on paste shows up in Chrome even if the
paste is perssed on the notebookbar, even if nextcloud is served from
one domain and COOL is served from an other domain.

This fixes the document edit case; possibly it should be also added at
all other places where the allowfullscreen attribute is used, which is
not done in this commit.

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
@backportbot backportbot bot added bug Something isn't working 3. to review Ready to be reviewed labels Feb 20, 2024
@backportbot backportbot bot added this to the Nextcloud 28 milestone Feb 20, 2024
@juliushaertl juliushaertl merged commit ce2e664 into stable28 Feb 20, 2024
43 checks passed
@juliushaertl juliushaertl deleted the backport/3475/stable28 branch February 20, 2024 10:12
@juliushaertl juliushaertl mentioned this pull request Feb 29, 2024
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@juliushaertl juliushaertl juliushaertl approved these changes

Assignees
No one assigned
Labels
3. to review Ready to be reviewed bug Something isn't working
Projects
None yet
Milestone
Nextcloud 28
Development

Successfully merging this pull request may close these issues.
2 participants
@juliushaertl @vmiklos