workadventure

lbehm/workadventure

Fork 0

Commit graph

Author	SHA1	Message	Date
David Négrier	41fd848fa0	Fixed potential injection by switching map container to PHP Some HTML files were importing iframe_api.js automatically by detecting the referrer document. While this was done in a safe way (the map container does not use cookies), it is not a best practice to load a script originating from document.referrer. This PR solves the issue by using PHP to inject the correct domain name in the HTML files.	2021-11-29 19:05:13 +01:00
David Négrier	8f3d9277ac	Merging master into develop	2021-06-29 18:39:43 +02:00
GRL	389ca25b6a	Cowebsite opened by script can use Iframe Api	2021-06-28 18:00:48 +02:00

Author

SHA1

Message

Date

David Négrier

41fd848fa0

Fixed potential injection by switching map container to PHP

Some HTML files were importing iframe_api.js automatically by detecting the referrer document.

While this was done in a safe way (the map container does not use cookies), it is not
a best practice to load a script originating from document.referrer.

This PR solves the issue by using PHP to inject the correct domain name in the HTML files.

2021-11-29 19:05:13 +01:00

David Négrier

8f3d9277ac

Merging master into develop

2021-06-29 18:39:43 +02:00

GRL

389ca25b6a

Cowebsite opened by script can use Iframe Api

2021-06-28 18:00:48 +02:00

3 commits