Fixed potential injection by switching map container to PHP

Some HTML files were importing iframe_api.js automatically by detecting the referrer document. While this was done in a safe way (the map container does not use cookies), it is not a best practice to load a script originating from document.referrer. This PR solves the issue by using PHP to inject the correct domain name in the HTML files.
2021-11-29 19:05:13 +01:00 · 2021-11-29 19:05:13 +01:00 · 41fd848fa0
commit 41fd848fa0
parent 233c3d1abe
27 changed files with 167 additions and 204 deletions
--- a/deeployer.libsonnet
+++ b/deeployer.libsonnet
@ -101,7 +101,10 @@
      "host": {
        "url": "maps-"+url
      },
-      "ports": [80]
+      "ports": [80],
+      "env": {
+          "FRONT_URL": "https://play-"+url
+      }
    },
    "redis": {
      "image": "redis:6",