TT#142402 Improve 'framed' session behaviour when users are using v1 and v2 in parallel

Modern browsers (except Safari) support 'Sec-Fetch-Dest':
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Sec-Fetch-Dest

In theory we can remove the current 'framed session' storage completely,
but Safari will not be supported. Let's expand the current logic to provide
extra protection here to backport the commit to mr9.5+.

Change-Id: I9c070f77f427c81581f4d9ceeb1a57b274d77819
mr10.1
Alexander Lutay 4 years ago
parent fc8a16859f
commit 3cc01922e7

@ -357,6 +357,8 @@ sub include_framed {
$c->session->{framed} = 1 if ($c->req->params->{framed} && $c->req->params->{framed} == 1);
$c->session->{framed} = 0 if not defined $c->req->headers->header("referer");
$c->session->{framed} = 0 if (defined $c->req->params->{framed} && $c->req->params->{framed} == 0);
$c->session->{framed} = 0 if (defined $c->req->headers->header("sec-fetch-dest") && $c->req->headers->header("sec-fetch-dest") eq "document");
$c->session->{framed} = 1 if (defined $c->req->headers->header("sec-fetch-dest") && $c->req->headers->header("sec-fetch-dest") eq "iframe");
$c->stash(framed => $c->session->{framed}) if ($c->session->{framed} && $c->session->{framed} == 1);
return;
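Review bot: the two added `sec-fetch-dest` checks run after the explicit `framed` parameter checks, so the header silently overrides a request that passes `framed=0` (or `framed=1`) in the query string; if the parameter is meant to be the caller's explicit choice, move the header checks above the parameter lines, or only consult the header when no `framed` parameter is present. Also, only the value `iframe` sets `framed = 1`, while a page loaded into a `<frame>` element sends `Sec-Fetch-Dest: frame`; if that embedding is in scope, match both values. Minor style point: `$c->req->headers->header("sec-fetch-dest")` is evaluated four times across the two lines; reading it once into a lexical (e.g. `my $dest = $c->req->headers->header("sec-fetch-dest") // '';`) makes the conditions shorter and removes the repeated `defined` guards.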
