Kraut.World/server
3
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

Use dynamic Iframe API

Browse source
This commit is contained in:
GRL 2021-06-28 16:13:38 +02:00
parent feab5da2ad
commit 06920a2271
1 changed files with 5 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

7
maps/tests/Metadata/cowebsiteAllowApi.html
View file

@ -1,9 +1,12 @@
<!doctype html> <!doctype html>
<html lang="en"> <html lang="en">
<head> <head>
<script src="http://play.workadventure.localhost/iframe_api.js"></script>
<script> <script>
var script = document.createElement('script');
// Don't do this at home kids! The "document.referrer" part is actually inserting a XSS security.
// We are OK in this precise case because the HTML page is hosted on the "maps" domain that contains only static files.
script.setAttribute('src', document.referrer + 'iframe_api.js');
document.head.appendChild(script);
</script> </script>
</head> </head>
<body> <body>