lbehm/workadventure
1
0
Fork 0
Code Issues Pull requests Releases Activity
workadventure/maps
History
David Négrier 41fd848fa0 Fixed potential injection by switching map container to PHP 
Some HTML files were importing iframe_api.js automatically by detecting the referrer document.

While this was done in a safe way (the map container does not use cookies), it is not
a best practice to load a script originating from document.referrer.

This PR solves the issue by using PHP to inject the correct domain name in the HTML files.
2021-11-29 19:05:13 +01:00
..
assets Removed old maps and add starter-kit map 2021-09-23 12:29:14 +01:00
starter Removed old maps and add starter-kit map 2021-09-23 12:29:14 +01:00
tests Fixed potential injection by switching map container to PHP 2021-11-29 19:05:13 +01:00
Tuto Fix some typos (found by codespell) (#1316) 2021-07-27 14:29:09 +02:00
.dockerignore *: Dockerfiles cleanup, docker-compose.prod.yaml 2021-01-12 22:32:37 +01:00
.gitignore FIX: maps/dist directory is now gitignored 2020-11-24 14:43:21 +01:00
.htaccess Moving maps to their own container 2020-07-23 18:43:51 +02:00
Dockerfile [Breaking change] UPLOADER_URL and ADMIN_URL are now true URLs (and not only host name) and API_URL is replaced by PUSHER_URL 2021-03-31 16:00:14 +02:00
package.json Removed old maps and add starter-kit map 2021-09-23 12:29:14 +01:00
tsconfig.json Removed old maps and add starter-kit map 2021-09-23 12:29:14 +01:00
yarn.lock Removed old maps and add starter-kit map 2021-09-23 12:29:14 +01:00