discourse-ai

Commit Graph

Author	SHA1	Message	Date
David Taylor	b10be23533	FIX: Ensure artifacts are sandboxed, even when visited directly (#921 ) It's important that artifacts are never given 'same origin' access to the forum domain, so that they cannot access cookies, or make authenticated HTTP requests. So even when visiting the URL directly, we need to wrap them in a sandboxed iframe.	2024-11-19 11:44:17 +00:00
Sam	3ae1e4eaf0	FIX: properly bypass CSP for artifacts (#920 ) Was meant to be bypassed but was not implemented correctly	2024-11-19 20:25:07 +11:00

Author

SHA1

Message

Date

David Taylor

b10be23533

FIX: Ensure artifacts are sandboxed, even when visited directly (#921 )

It's important that artifacts are never given 'same origin' access to the forum domain, so that they cannot access cookies, or make authenticated HTTP requests. So even when visiting the URL directly, we need to wrap them in a sandboxed iframe.

2024-11-19 11:44:17 +00:00

Sam

3ae1e4eaf0

FIX: properly bypass CSP for artifacts (#920 )

Was meant to be bypassed but was not implemented correctly

2024-11-19 20:25:07 +11:00

2 Commits