Use sandbox attibute for iframes created by Keycloak JS (#20544)

This commit is contained in:
Jon Koops 2023-05-25 11:47:23 +02:00 committed by GitHub
parent c86254972b
commit df9cf53d2b
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23


@ -187,6 +187,7 @@ function Keycloak (config) {
var ifrm = document.createElement("iframe");
var src = kc.createLoginUrl({prompt: 'none', redirectUri: kc.silentCheckSsoRedirectUri});
ifrm.setAttribute("src", src);
ifrm.setAttribute("sandbox", "allow-scripts allow-same-origin");
ifrm.setAttribute("title", "keycloak-silent-check-sso");
ifrm.style.display = "none";
document.body.appendChild(ifrm);
@ -1202,6 +1203,7 @@ function Keycloak (config) {
var src = kc.endpoints.checkSessionIframe();
iframe.setAttribute('src', src );
iframe.setAttribute('sandbox', 'allow-scripts allow-same-origin');
iframe.setAttribute('title', 'keycloak-session-iframe' );
iframe.style.display = 'none';
document.body.appendChild(iframe);
@ -1274,6 +1276,7 @@ function Keycloak (config) {
if (loginIframe.enable || kc.silentCheckSsoRedirectUri) {
var iframe = document.createElement('iframe');
iframe.setAttribute('src', kc.endpoints.thirdPartyCookiesIframe());
iframe.setAttribute('sandbox', 'allow-scripts allow-same-origin');
iframe.setAttribute('title', 'keycloak-3p-check-iframe' );
iframe.style.display = 'none';
document.body.appendChild(iframe);
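Review bot: The value `allow-scripts allow-same-origin` added in all three hunks (L16, L23, L31) needs a comment explaining what it still restricts, because with both tokens present the framed document keeps its origin and its scripting, so if it is ever served from the same origin as the host page it can reach `window.parent.document` and strip its own sandbox, leaving the attribute to deny only forms, popups and top-level navigation. Both tokens look necessary here since the frames presumably read the Keycloak session cookie and report back to the parent via postMessage (confirm against the iframe documents), so the value is not wrong, but the reasoning should be recorded once, e.g. `// allow-same-origin is needed so Keycloak cookies are sent and the frame can message the parent; allow-scripts is needed for the check itself. Together they remove most of sandbox's isolation; what remains is the denial of forms, popups and top-level navigation.` The same literal is repeated three times with mixed quote styles (double quotes in the first hunk, single in the others); hoisting it into one variable near the top of Keycloak(), `var IFRAME_SANDBOX = 'allow-scripts allow-same-origin';`, would keep the three frames in step when the policy changes. The enclosing function Keycloak(config) starts and ends outside these hunks.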