workadventure/maps/tests/Metadata/cowebsiteAllowApi.js at 41fd848fa0335ca85d8a4cd3cc2b84b7ecf00bf7 - lbehm/workadventure - Forgejo by nr18.space

lbehm/workadventure

David Négrier 41fd848fa0 Fixed potential injection by switching map container to PHP

Some HTML files were importing iframe_api.js automatically by detecting the referrer document.

While this was done in a safe way (the map container does not use cookies), it is not
a best practice to load a script originating from document.referrer.

This PR solves the issue by using PHP to inject the correct domain name in the HTML files.

2021-11-29 19:05:13 +01:00

2 lines

57 B

JavaScript

Raw Blame History

WA.nav.openCoWebSite("cowebsiteAllowApi.php", true, "");