Enable iframes for embedded shopfronts

This commit is contained in:
Matt-Yorkley
2017-05-03 13:38:02 +01:00
committed by Maikel Linke
parent b1452f097d
commit 113f6565be
17 changed files with 122 additions and 0 deletions

View File

@@ -3,6 +3,8 @@ require 'open_food_network/referer_parser'
class ApplicationController < ActionController::Base
protect_from_forgery
prepend_before_filter :restrict_iframes
include EnterprisesHelper
helper CssSplitter::ApplicationHelper
@@ -20,6 +22,21 @@ class ApplicationController < ActionController::Base
private
def restrict_iframes
response.headers['X-Frame-Options'] = 'DENY'
response.headers['Content-Security-Policy'] = "frame-ancestors 'none'"
end
def enable_embedded_shopfront
return unless Spree::Config[:enable_embedded_shopfronts]
@session_data = session
whitelist = Spree::Config[:embedded_shopfronts_whitelist] || "'none'"
response.headers.delete 'X-Frame-Options'
response.headers['Content-Security-Policy'] = "frame-ancestors #{whitelist}"
end
def action
params[:action].to_sym
end