Aleksandr Lesnenko authored
* add allowed iframe host setting wip

* use allowed-iframe-hosts setting in the CSP header

* add a test for the frame-src csp directive

* Update allowed-iframe-hosts setting definition

* Add error state for forbidden iframe url domains

* Move out iframe e2e test suite

* Add e2e test

* Update error message in view mode

* Fix unit tests

* Update setting on the admin page

* Update error state

* Add links to error states

* Update docs links

* Update link anchors

* Add default allowed hosts to public setting

* Update allowed domain check logic

* Fix default value display in admin page

* Don't update setting without changes

* Update error message spacing

* correct the parsing of allowed-hosts string for CSP header entries

* fix test

* fix not handling wildcard ports

* Fix failing e2e test

* Fix subdomain test

* address review

 - the parse-allowed-iframe-hosts fn is now memoized
 - a * entry is handled and doesn't produce a weird *:* entry
 - no more try/catch, errors in parsing will be logged but the list returns all valid entries
 - when www. is encountered, an entry including www. is added
 - trailing / is 'cleaned' and the entry is used as if there was no trailing /

* Fixup test for expecting a few more frame sources

* indentation fix for linter :smiling_face_with_tear:



* Fix type error

---------

Co-authored-by: Adam James <adam.vermeer2@gmail.com>
Co-authored-by: Anton Kulyk <kuliks.anton@gmail.com>
Co-authored-by: dan sutton <dan@dpsutton.com>
7d61485b
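
The parsing rules listed under "address review" in the commit message above, sketched as an added Python example; it is not the project's code. The function names, the comma/newline separators, the `'none'` fallback and the reading of the www. rule (emit both the bare domain and the www. host) are assumptions.

```python
import logging
import re
from functools import lru_cache

log = logging.getLogger("frame_src")

# CSP host-source shape: optional scheme, host with optional leading "*.",
# optional numeric port or ":*". Anything else (";", quotes, paths) is rejected.
HOST_SOURCE = re.compile(
    r"^(?:(?P<scheme>https?)://)?"
    r"(?P<host>(?:\*\.)?[a-z0-9-]+(?:\.[a-z0-9-]+)*)"
    r"(?::(?P<port>\d{1,5}|\*))?$",
    re.IGNORECASE,
)

@lru_cache(maxsize=32)  # memoized, as the commit message notes
def parse_allowed_iframe_hosts(setting: str) -> tuple:
    """Return the valid frame-src sources found in the setting string."""
    sources = []
    for raw in re.split(r"[,\n]", setting):  # assumed separators
        entry = raw.strip().rstrip("/")      # trailing "/" is cleaned
        if not entry:
            continue
        if entry == "*":                     # bare wildcard stays "*", never "*:*"
            sources.append("*")
            continue
        m = HOST_SOURCE.match(entry)
        if m is None:                        # log and skip; valid entries survive
            log.warning("ignoring invalid iframe host entry %r", raw.strip())
            continue
        scheme = m["scheme"].lower() + "://" if m["scheme"] else ""
        port = ":" + m["port"] if m["port"] else ""
        host = m["host"].lower()
        # Assumed reading of the www. rule: emit the bare domain and the www. host.
        hosts = [host[4:], host] if host.startswith("www.") else [host]
        sources.extend(scheme + h + port for h in hosts)
    return tuple(dict.fromkeys(sources))     # de-duplicate, keep order

def frame_src_directive(setting: str) -> str:
    """Build the directive; an empty allowlist becomes 'none'."""
    return "frame-src " + (" ".join(parse_allowed_iframe_hosts(setting)) or "'none'")

# Constructed sample: the second entry tries to smuggle a second directive.
SAMPLE = "example.com, bad.example; script-src *, https://www.example.org/, *.example.net:*"
```

Because every entry must match the host-source pattern in full, a value containing `;` or whitespace never reaches the header, while the valid entries around it are still emitted.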