Prevent non-widgets from being embedded in iframes #8662
Merged
What this PR does / why we need it:
Prevents non-widgets from being embedded in iframes.
Which issue(s) this PR closes:
Special notes for your reviewer:
Suggestions on how to test this:
I'd suggest setting up two servers that are using the same port. Probably 443 (HTTPS) would be used in production. On one server, deploy this branch. On the other server, all you need is Apache or any web server to serve a static HTML file. In the static HTML file, I'd suggest copying and pasting code from the widgets tabs. Widgets should still work. You should also try including non-widget pages (e.g. the homepage) in an `<iframe>`. This should fail.

I didn't set up two servers. Instead I used the "logos" directory in docroot to host the static HTML file. That is, I placed the following in `/usr/local/payara5/glassfish/domains/domain1/docroot/logos/42/index.html`

Then I navigated to http://localhost:8080/logos/42/index.html in Firefox, Chrome, and Safari. I'll post screenshots of each below. In each, a widget is displayed.
Firefox.
Chrome (you have to hover your mouse to see the message)
Safari
Does this PR introduce a user interface change? If mockups are available, please link/include them here:
Not really. Screenshots are above under "testing".
Is there a release notes update needed for this change?:
Probably. Included.
Additional documentation:
None.
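The manual test above can be complemented by a check on response headers. This is an added example, not code from the pull request: the description does not say which mechanism the branch uses, so the sketch assumes the standard `X-Frame-Options` and CSP `frame-ancestors` headers, and the sample headers and the embedding origin `https://static.example.org` are constructed.

```javascript
// Added example. Assumption: framing is controlled by X-Frame-Options and/or
// CSP frame-ancestors. Simplified: only 'self', 'none', * and exact-origin
// sources are handled, and only the direct parent is checked, not the whole
// ancestor chain.
function frameAncestors(csp) {
  // Return the source list of the frame-ancestors directive, or null if absent.
  for (const directive of (csp || "").split(";")) {
    const [name, ...sources] = directive.trim().split(/\s+/);
    if (name.toLowerCase() === "frame-ancestors") return sources;
  }
  return null;
}

function canBeFramed(headers, pageOrigin, parentOrigin) {
  const h = {}; // header names are case-insensitive
  for (const [k, v] of Object.entries(headers)) h[k.toLowerCase()] = v;

  const sources = frameAncestors(h["content-security-policy"]);
  if (sources !== null) {
    // When frame-ancestors is present, browsers ignore X-Frame-Options.
    // An empty list or a lone 'none' matches no parent.
    return sources.some((s) => {
      const src = s.toLowerCase();
      if (src === "*") return true;
      if (src === "'self'") return parentOrigin === pageOrigin;
      return src === parentOrigin.toLowerCase();
    });
  }
  const xfo = (h["x-frame-options"] || "").trim().toLowerCase();
  if (xfo === "deny") return false;
  if (xfo === "sameorigin") return parentOrigin === pageOrigin;
  return true; // no framing restriction was sent
}

// Constructed sample responses (not captured from a real server).
const SITE = "http://localhost:8080";
const OTHER = "https://static.example.org"; // hypothetical embedding site
const samples = { widget: {}, homepage: { "X-Frame-Options": "DENY" } };

function runChecks() {
  return {
    widgetCrossOrigin: canBeFramed(samples.widget, SITE, OTHER),
    homepageCrossOrigin: canBeFramed(samples.homepage, SITE, OTHER),
    homepageSameOrigin: canBeFramed(samples.homepage, SITE, SITE),
  };
}
console.log(runChecks());
```

With `SAMEORIGIN` instead of `DENY`, the same-origin case returns `true`, so a test page hosted on the application's own origin would not exercise that restriction.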