raggedstaff/openfoodnetwork
1
0
Fork 0
mirror of https://github.com/openfoodfoundation/openfoodnetwork synced 2026-02-05 22:26:07 +00:00
Code Issues Packages Projects Releases Wiki Activity

Refactor embedded logic

Browse Source
This commit is contained in:
Matt-Yorkley
2018-01-05 21:34:26 +00:00
parent 4a818c07bb
commit e173f823c8
1 changed files with 13 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

18
app/controllers/application_controller.rb
View File

@@ -55,13 +55,11 @@ class ApplicationController < ActionController::Base
end
def enable_embedded_shopfront
whitelist = Spree::Config[:embedded_shopfronts_whitelist]
domain = embedded_shopfront_referer
return unless Spree::Config[:enable_embedded_shopfronts] && whitelist.present? && domain.present? && whitelist.include?(domain)
return if request.referer && URI(request.referer).scheme != 'https' && !Rails.env.test? && !Rails.env.development?
return unless embeddable?
return if embedding_without_https?
response.headers.delete 'X-Frame-Options'
response.headers['Content-Security-Policy'] = "frame-ancestors #{domain}"
response.headers['Content-Security-Policy'] = "frame-ancestors #{embedded_shopfront_referer}"
check_embedded_request
set_embedded_layout
@@ -72,6 +70,16 @@ class ApplicationController < ActionController::Base
URI(request.referer).host.sub!(/^www./, '')
end
def embeddable?
whitelist = Spree::Config[:embedded_shopfronts_whitelist]
domain = embedded_shopfront_referer
Spree::Config[:enable_embedded_shopfronts] && whitelist.present? && domain.present? && whitelist.include?(domain)
end
def embedding_without_https?
request.referer && URI(request.referer).scheme != 'https' && !Rails.env.test? && !Rails.env.development?
end
def check_embedded_request
return unless params[:embedded_shopfront]