Skip to content

fix: support cross-origin example iframes#8768

Merged
kpal81xd merged 3 commits into
mainfrom
fix/examples-iframe-cross-origin
May 22, 2026
Merged

fix: support cross-origin example iframes#8768
kpal81xd merged 3 commits into
mainfrom
fix/examples-iframe-cross-origin

Conversation

@kpal81xd
Copy link
Copy Markdown
Contributor

@kpal81xd kpal81xd commented May 22, 2026

Description

Make direct example iframe routes safe to embed from another origin.

  • Add a same-origin host helper for examples iframe runtime parent interactions.
  • Keep parent events and pc exposure same-origin only.
  • Guard example-level parent hash/document reads used by standalone iframe routes.

Public API Changes

None.

Testing

Manual tests:

  • Embedded /iframe/misc_hello-world.html?deviceType=webgl2 from another local origin in Chromium and confirmed ready=true with zero SecurityError or permission errors.

Checklist

  • I have read the contributing guidelines
  • My code follows the project's coding standards
  • This PR focuses on a single change

@kpal81xd kpal81xd self-assigned this May 22, 2026
@kpal81xd kpal81xd force-pushed the fix/examples-iframe-cross-origin branch from af0ca8c to 5bf0139 Compare May 22, 2026 14:10
@kpal81xd kpal81xd force-pushed the fix/examples-iframe-cross-origin branch from 5bf0139 to 893f63b Compare May 22, 2026 14:12
@kpal81xd kpal81xd force-pushed the fix/examples-iframe-cross-origin branch from 893f63b to 67efef8 Compare May 22, 2026 14:13
@kpal81xd kpal81xd merged commit 50b7d6b into main May 22, 2026
7 of 8 checks passed
@kpal81xd kpal81xd deleted the fix/examples-iframe-cross-origin branch May 22, 2026 14:17
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

@kpal81xd kpal81xd

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@kpal81xd