Skip to content
This repository has been archived by the owner on Jun 4, 2024. It is now read-only.

feat: disable cookie access under restricted sandboxes #677

Merged
merged 5 commits into from
Jan 14, 2020
Merged

feat: disable cookie access under restricted sandboxes #677

merged 5 commits into from
Jan 14, 2020

Conversation

josegonzalez
Copy link
Contributor

When dash is embedded into an iframe with a sandbox attribute that only has allow-scripts, cookie access is disabled and dash-table fails to load. As such, we need to restrict our cookie usage by disabling functionality.

This patch removes the disabled functionality in a graceful manner, allowing dash-table to load in very restricted iframes.

@chriddyp chriddyp temporarily deployed to dash-table-review-pr-677 January 11, 2020 00:53 Inactive
@josegonzalez
feat: disable cookie access under restricted sandboxes
26d8641 
When dash is embedded into an iframe with a sandbox attribute that only has allow-scripts, cookie access is disabled and dash-table fails to load. As such, we need to restrict our cookie usage by disabling functionality.

This patch removes the disabled functionality in a graceful manner, allowing dash-table to load in very restricted iframes.
@chriddyp chriddyp temporarily deployed to dash-table-review-pr-677 January 11, 2020 00:54 Inactive
@chriddyp chriddyp temporarily deployed to dash-table-review-pr-677 January 14, 2020 14:02 Inactive
Marc-Andre-Rivet
Marc-Andre-Rivet reviewed Jan 14, 2020
View reviewed changes
src/core/storage/Cookie.ts
} catch (e) {
return false;
}
});
Copy link
Contributor

@Marc-Andre-Rivet Marc-Andre-Rivet Jan 14, 2020
edited
Loading

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@josegonzalez As I'm nearing a release and would want to get this in -- and haven't looked at it soon enough, took the liberty of updating this code so that the CookieStorage.enbled runs only once.

@chriddyp chriddyp temporarily deployed to dash-table-review-pr-677 January 14, 2020 14:08 Inactive
Marc-Andre-Rivet
Marc-Andre-Rivet reviewed Jan 14, 2020
View reviewed changes
CHANGELOG.md
@@ -10,6 +10,7 @@ This project adheres to [Semantic Versioning](http://semver.org/).

### Fixed
- [#670](https://github.com/plotly/dash-table/pull/670) Fix a bug where `derived_filter_query_structure` was not getting updated properly
- [#677](https://github.com/plotly/dash-table/pull/677) Fix a bug where the table fails to load when used inside an iframe with a sandbox attribute that only has allow-scripts
Copy link
Contributor

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

@josegonzalez Added a changelog entry

Marc-Andre-Rivet
Marc-Andre-Rivet approved these changes Jan 14, 2020
View reviewed changes
Copy link
Contributor

@Marc-Andre-Rivet Marc-Andre-Rivet left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

💃

@chriddyp chriddyp temporarily deployed to dash-table-review-pr-677 January 14, 2020 16:01 Inactive
@Marc-Andre-Rivet Marc-Andre-Rivet merged commit bec204c into dev Jan 14, 2020
@Marc-Andre-Rivet Marc-Andre-Rivet deleted the iframe-sandbox-support branch January 14, 2020 16:50
@Marc-Andre-Rivet Marc-Andre-Rivet mentioned this pull request Jan 15, 2020
Merged
@Marc-Andre-Rivet Marc-Andre-Rivet added this to the Dash v1.9 milestone Jan 17, 2020
Sign up for free to subscribe to this conversation on GitHub. Already have an account? Sign in.
Reviewers

@Marc-Andre-Rivet Marc-Andre-Rivet Marc-Andre-Rivet approved these changes

@shammamah-zz shammamah-zz Awaiting requested review from shammamah-zz

@alexcjohnson alexcjohnson Awaiting requested review from alexcjohnson alexcjohnson is a code owner

Assignees
No one assigned
Labels
size: 0.5
Projects
None yet
Milestone
Dash v1.9
Development

Successfully merging this pull request may close these issues.

None yet
3 participants
@josegonzalez @Marc-Andre-Rivet @chriddyp