9425fd70c0
Scripts in module mode need to be abide by the Same Origin Policy (CORS headers are used to load them) This can cause issues on some setups. This commit adds a new "scriptDisableModuleSupport" that can be used to disable the "modules" mode. Closes #1721
22 lines
836 B
HTML
22 lines
836 B
HTML
<!doctype html>
|
|
<html lang="en">
|
|
<head>
|
|
<script src="/iframe_api.js" ></script>
|
|
<script>
|
|
// Note: this is a huge XSS flow as we allow anyone to load a Javascript file in our domain.
|
|
// This file must ABSOLUTELY be removed from the Docker images/deployments and is only here
|
|
// for development purpose (because dynamically generated iframes are not working with
|
|
// webpack hot reload due to an issue with rights)
|
|
const urlParams = new URLSearchParams(window.location.search);
|
|
const scriptUrl = urlParams.get('script');
|
|
const script = document.createElement('script');
|
|
script.src = scriptUrl;
|
|
|
|
if (urlParams.get('moduleMode') === 'true') {
|
|
script.type = "module";
|
|
}
|
|
document.head.append(script);
|
|
</script>
|
|
</head>
|
|
</html>
|