receiver/iframe: don't sandbox iframes

This may seem a good idea to avoid iframes doing crazy stuff but some perfectly valid uses are just blocked. For example, it is not possible for an iframe to change its origin to a super domain (edition.cnn.com is not allowed to change its domain to cnn.com when it should).
vincentbernat · Nov 29, 2015 · 0eff2ba · 0eff2ba
1 parent bfec0fb
commit 0eff2ba
Showing 1 changed file with 0 additions and 1 deletion.
diff --git a/app/scripts/receiver/iframe-queue.js b/app/scripts/receiver/iframe-queue.js
@@ -33,7 +33,6 @@ module.exports = (function(window, undefined) {
     vp.adapt(this.el);
 
     // Load the URL
-    this.el.setAttribute('sandbox', 'allow-scripts allow-same-origin');
     this.el.setAttribute('src', dashboard.url);
   }