comments for some cases where sframe blocks loading

pull/1/head
ansuz 3 years ago
parent e6c51e3dff
commit 34d2ae5fd5

@ -21,6 +21,10 @@ define([
common.initIframe = function (waitFor, isRt, pathname) { common.initIframe = function (waitFor, isRt, pathname) {
if (window.top !== window) { if (window.top !== window) {
// this is triggered if the intance's HTTP headers have permitted the app
// to be loaded within an iframe, but the instance admin has not explicitly
// enabled embedding via the admin panel. Their checkup page should tell them
// how to correct this (Access-Control-Allow-Origin and CSP frame-ancestors).
if (!ApiConfig.enableEmbedding) { if (!ApiConfig.enableEmbedding) {
return void window.alert(Messages.error_embeddingDisabled); return void window.alert(Messages.error_embeddingDisabled);
} }
@ -30,7 +34,10 @@ define([
return void window.alert(Messages.error_embeddingDisabledSpecific); return void window.alert(Messages.error_embeddingDisabledSpecific);
} }
} }
// this is triggered in two situations:
// 1. a user has somehow loaded the page via an unexpected origin
// 2. the admin has configured their httpUnsafeOrigin incorrectly
// in case #2 the checkup page will advise them on correct configuration
if (window.location.origin !== ApiConfig.httpUnsafeOrigin) { if (window.location.origin !== ApiConfig.httpUnsafeOrigin) {
return void window.alert(Messages._getKey('error_incorrectAccess', [ApiConfig.httpUnsafeOrigin])); return void window.alert(Messages._getKey('error_incorrectAccess', [ApiConfig.httpUnsafeOrigin]));
} }

Loading…
Cancel
Save