feat: Add a field to accept allowed embedding domains
This commit is contained in:
Suraj Shetty
parent
7a9748a417
commit
d35518639b
3 changed files with 18 additions and 1 deletions
|
|
@ -31,6 +31,7 @@
|
|||
"allow_comments",
|
||||
"show_attachments",
|
||||
"allow_incomplete",
|
||||
"allowed_embedding_domains",
|
||||
"section_break_2",
|
||||
"max_attachment_size",
|
||||
"condition_section",
|
||||
|
|
@ -401,13 +402,19 @@
|
|||
"fieldname": "hide_footer",
|
||||
"fieldtype": "Check",
|
||||
"label": "Hide footer"
|
||||
},
|
||||
{
|
||||
"description": "Specify the domains or origins that are permitted to embed this form. Enter one domain per line (e.g., https://example.com). If no domains are specified, the form can only be embedded on the same origin.",
|
||||
"fieldname": "allowed_embedding_domains",
|
||||
"fieldtype": "Small Text",
|
||||
"label": "Allowed Embedding Domains"
|
||||
}
|
||||
],
|
||||
"has_web_view": 1,
|
||||
"icon": "icon-edit",
|
||||
"is_published_field": "published",
|
||||
"links": [],
|
||||
"modified": "2024-09-11 14:28:39.391595",
|
||||
"modified": "2024-10-18 11:19:53.969109",
|
||||
"modified_by": "Administrator",
|
||||
"module": "Website",
|
||||
"name": "Web Form",
|
||||
|
|
|
|||
|
|
@ -34,6 +34,7 @@ class WebForm(WebsiteGenerator):
|
|||
allow_incomplete: DF.Check
|
||||
allow_multiple: DF.Check
|
||||
allow_print: DF.Check
|
||||
allowed_embedding_domains: DF.SmallText | None
|
||||
anonymous: DF.Check
|
||||
apply_document_permissions: DF.Check
|
||||
banner_image: DF.AttachImage | None
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
import frappe
|
||||
from frappe.website.page_renderers.document_page import DocumentPage
|
||||
from frappe.website.router import get_page_info_from_web_form
|
||||
|
||||
|
|
@ -8,6 +9,14 @@ class WebFormPage(DocumentPage):
|
|||
if web_form:
|
||||
self.doctype = "Web Form"
|
||||
self.docname = web_form.name
|
||||
self.set_headers()
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
def set_headers(self):
|
||||
doc = frappe.get_cached_doc(self.doctype, self.docname)
|
||||
allowed_embedding_domains = doc.allowed_embedding_domains
|
||||
if allowed_embedding_domains:
|
||||
allowed_embedding_domains = allowed_embedding_domains.replace("\n", " ")
|
||||
self.headers = {"Content-Security-Policy": f"frame-ancestors 'self' {allowed_embedding_domains}"}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue