Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Allow editor links to work inside an iframe or with CSP that prohibits other protocols #440

Merged

Conversation

lastobelus
Copy link
Contributor

restrictions for apps running in a third-party iframe

restrictions for apps running in a third-party iframe
@lastobelus
Copy link
Contributor Author

for example, Shopify app

@RobinDaugherty
Copy link
Member

Thanks @lastobelus! Might it be possible to implement something in Javascript that can change the link attributes when CSP will disallow it from opening? Unfortunately opening a new tab on every click of the editor link seems like a poor compromise. At the least, let's make this configurable so that it can be enabled in applications that need it.

@RobinDaugherty RobinDaugherty changed the title adds target=_blank to editor link, to work around CSP Allow editor links to work inside an iframe or with CSP that prohibits other protocols May 14, 2020
@RobinDaugherty
Copy link
Member

I've changed this to use an environment variable, BETTER_ERRORS_INSIDE_FRAME. If that's set, the target attribute will be present. And I added specs to cover this new behavior.

@RobinDaugherty RobinDaugherty merged commit 86c19fc into BetterErrors:master May 14, 2020
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

Successfully merging this pull request may close these issues.

2 participants