Merge pull request #28162 from surajshetty3416/allow-cross-domain-webform-embedding
feat: Add a field to accept allowed embedding domains
This commit is contained in:
Akhil Narang
GitHub
commit
f9432a7922
4 changed files with 61 additions and 26 deletions
|
|
@ -87,6 +87,10 @@ context("Web Form", () => {
|
|||
cy.visit("/app/web-form/note");
|
||||
|
||||
cy.findByRole("tab", { name: "Settings" }).click();
|
||||
|
||||
cy.wait(100);
|
||||
cy.get(".section-head").contains("List Settings").scrollIntoView();
|
||||
|
||||
cy.fill_field("list_title", "Note List");
|
||||
|
||||
cy.save();
|
||||
|
|
|
|||
|
|
@ -17,22 +17,25 @@
|
|||
"introduction_text",
|
||||
"web_form_fields",
|
||||
"settings_tab",
|
||||
"login_required",
|
||||
"allow_multiple",
|
||||
"allow_edit",
|
||||
"allow_delete",
|
||||
"access_control_section",
|
||||
"anonymous",
|
||||
"hide_navbar",
|
||||
"hide_footer",
|
||||
"login_required",
|
||||
"column_break_2",
|
||||
"apply_document_permissions",
|
||||
"allow_edit",
|
||||
"allow_multiple",
|
||||
"allow_delete",
|
||||
"form_settings_section",
|
||||
"allow_incomplete",
|
||||
"allow_comments",
|
||||
"allow_print",
|
||||
"print_format",
|
||||
"allow_comments",
|
||||
"show_attachments",
|
||||
"allow_incomplete",
|
||||
"section_break_2",
|
||||
"max_attachment_size",
|
||||
"show_attachments",
|
||||
"column_break_hhec",
|
||||
"hide_navbar",
|
||||
"hide_footer",
|
||||
"allowed_embedding_domains",
|
||||
"condition_section",
|
||||
"condition_description",
|
||||
"condition_json",
|
||||
|
|
@ -181,27 +184,28 @@
|
|||
"options": "Web Form Field"
|
||||
},
|
||||
{
|
||||
"description": "Set size in MB",
|
||||
"fieldname": "max_attachment_size",
|
||||
"fieldtype": "Int",
|
||||
"label": "Max Attachment Size (in MB)"
|
||||
"label": "Max attachment size"
|
||||
},
|
||||
{
|
||||
"description": "For help see <a href=\"https://frappeframework.com/docs/user/en/guides/portal-development/web-forms\" target=\"_blank\">Client Script API and Examples</a>",
|
||||
"fieldname": "client_script",
|
||||
"fieldtype": "Code",
|
||||
"label": "Client Script"
|
||||
"label": "Client script"
|
||||
},
|
||||
{
|
||||
"default": "Save",
|
||||
"fieldname": "button_label",
|
||||
"fieldtype": "Data",
|
||||
"label": "Submit Button Label"
|
||||
"label": "Submit button label"
|
||||
},
|
||||
{
|
||||
"description": "Message to be displayed on successful completion",
|
||||
"fieldname": "success_message",
|
||||
"fieldtype": "Text",
|
||||
"label": "Success Message"
|
||||
"label": "Success message"
|
||||
},
|
||||
{
|
||||
"description": "Go to this URL after completing the form",
|
||||
|
|
@ -263,7 +267,7 @@
|
|||
{
|
||||
"fieldname": "list_setting_message",
|
||||
"fieldtype": "HTML",
|
||||
"label": "List Setting Message"
|
||||
"label": "List setting message"
|
||||
},
|
||||
{
|
||||
"fieldname": "customization_tab",
|
||||
|
|
@ -273,7 +277,7 @@
|
|||
{
|
||||
"fieldname": "success_title",
|
||||
"fieldtype": "Data",
|
||||
"label": "Success Title"
|
||||
"label": "Success title"
|
||||
},
|
||||
{
|
||||
"fieldname": "banner_image",
|
||||
|
|
@ -298,10 +302,6 @@
|
|||
"fieldname": "column_break_2",
|
||||
"fieldtype": "Column Break"
|
||||
},
|
||||
{
|
||||
"fieldname": "section_break_2",
|
||||
"fieldtype": "Section Break"
|
||||
},
|
||||
{
|
||||
"collapsible": 1,
|
||||
"collapsible_depends_on": "show_list",
|
||||
|
|
@ -349,12 +349,12 @@
|
|||
{
|
||||
"fieldname": "meta_title",
|
||||
"fieldtype": "Data",
|
||||
"label": "Meta Title"
|
||||
"label": "Meta title"
|
||||
},
|
||||
{
|
||||
"fieldname": "meta_description",
|
||||
"fieldtype": "Small Text",
|
||||
"label": "Meta Description"
|
||||
"label": "Meta description"
|
||||
},
|
||||
{
|
||||
"fieldname": "column_break_khxs",
|
||||
|
|
@ -363,7 +363,7 @@
|
|||
{
|
||||
"fieldname": "meta_image",
|
||||
"fieldtype": "Attach Image",
|
||||
"label": "Meta Image"
|
||||
"label": "Meta image"
|
||||
},
|
||||
{
|
||||
"fieldname": "column_break_vdhm",
|
||||
|
|
@ -371,14 +371,15 @@
|
|||
},
|
||||
{
|
||||
"default": "0",
|
||||
"description": "If enabled, all responses on the web form will be submitted anonymously",
|
||||
"fieldname": "anonymous",
|
||||
"fieldtype": "Check",
|
||||
"label": "Anonymous"
|
||||
"label": "Anonymous responses"
|
||||
},
|
||||
{
|
||||
"fieldname": "condition_description",
|
||||
"fieldtype": "HTML",
|
||||
"label": "Condition Description",
|
||||
"label": "Condition description",
|
||||
"options": "<p>Multiple webforms can be created for a single doctype. Add filters specific to this webform to display correct record after submission.</p><p>For Example:</p>\n<p>If you create a separate webform every year to capture feedback from employees add a \n field named year in doctype and add a filter <b>year = 2023</b></p>\n"
|
||||
},
|
||||
{
|
||||
|
|
@ -401,13 +402,33 @@
|
|||
"fieldname": "hide_footer",
|
||||
"fieldtype": "Check",
|
||||
"label": "Hide footer"
|
||||
},
|
||||
{
|
||||
"description": "Specify the domains or origins that are permitted to embed this form. Enter one domain per line (e.g., https://example.com). If no domains are specified, the form can only be embedded on the same origin.",
|
||||
"fieldname": "allowed_embedding_domains",
|
||||
"fieldtype": "Small Text",
|
||||
"label": "Allowed embedding domains"
|
||||
},
|
||||
{
|
||||
"fieldname": "access_control_section",
|
||||
"fieldtype": "Section Break",
|
||||
"label": "Access Control"
|
||||
},
|
||||
{
|
||||
"fieldname": "form_settings_section",
|
||||
"fieldtype": "Section Break",
|
||||
"label": "Form Settings"
|
||||
},
|
||||
{
|
||||
"fieldname": "column_break_hhec",
|
||||
"fieldtype": "Column Break"
|
||||
}
|
||||
],
|
||||
"has_web_view": 1,
|
||||
"icon": "icon-edit",
|
||||
"is_published_field": "published",
|
||||
"links": [],
|
||||
"modified": "2024-09-11 14:28:39.391595",
|
||||
"modified": "2024-10-21 12:04:47.314849",
|
||||
"modified_by": "Administrator",
|
||||
"module": "Website",
|
||||
"name": "Web Form",
|
||||
|
|
|
|||
|
|
@ -34,6 +34,7 @@ class WebForm(WebsiteGenerator):
|
|||
allow_incomplete: DF.Check
|
||||
allow_multiple: DF.Check
|
||||
allow_print: DF.Check
|
||||
allowed_embedding_domains: DF.SmallText | None
|
||||
anonymous: DF.Check
|
||||
apply_document_permissions: DF.Check
|
||||
banner_image: DF.AttachImage | None
|
||||
|
|
|
|||
|
|
@ -1,3 +1,4 @@
|
|||
import frappe
|
||||
from frappe.website.page_renderers.document_page import DocumentPage
|
||||
from frappe.website.router import get_page_info_from_web_form
|
||||
|
||||
|
|
@ -8,6 +9,14 @@ class WebFormPage(DocumentPage):
|
|||
if web_form:
|
||||
self.doctype = "Web Form"
|
||||
self.docname = web_form.name
|
||||
self.set_headers()
|
||||
return True
|
||||
else:
|
||||
return False
|
||||
|
||||
def set_headers(self):
|
||||
doc = frappe.get_cached_doc(self.doctype, self.docname)
|
||||
allowed_embedding_domains = doc.allowed_embedding_domains
|
||||
if allowed_embedding_domains:
|
||||
allowed_embedding_domains = allowed_embedding_domains.replace("\n", " ")
|
||||
self.headers = {"Content-Security-Policy": f"frame-ancestors 'self' {allowed_embedding_domains}"}
|
||||
|
|
|
|||
Loading…
Add table
Reference in a new issue