v1.8.0 #429

Merged
LukeGus merged 198 commits from dev-1.8.0 into main 2025-11-05 16:36:16 +00:00
3 changed files with 40 additions and 3 deletions
Showing only changes of commit 79419420bf - Show all commits


@@ -23,13 +23,15 @@ http {
listen ${PORT};
server_name localhost;
add_header X-Frame-Options DENY always;
# X-Frame-Options removed to allow Electron iframe embedding
# add_header X-Frame-Options DENY always;
add_header X-Content-Type-Options nosniff always;
add_header X-XSS-Protection "1; mode=block" always;
location / {
root /usr/share/nginx/html;
index index.html index.htm;
try_files $uri $uri/ /index.html;
}
location ~* \.map$ {
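Review bot: Commenting out `add_header X-Frame-Options DENY always;` removes clickjacking protection for every client of this server block, including ordinary browsers, although the stated reason is only the Electron embed. The Electron change in this same commit already strips `X-Frame-Options` and `frame-ancestors` from responses inside the desktop app, so the server can probably keep sending the header, or the CSP form `add_header Content-Security-Policy "frame-ancestors 'self'" always;`, without breaking the embed. That should be confirmed against a desktop build. If the header really has to go, the comment should name which deployments depend on its absence. The server block continues outside the hunk.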


@@ -64,6 +64,41 @@ function createWindow() {
mainWindow.loadFile(indexPath);
}
// Allow iframes to load from any origin by removing X-Frame-Options headers
mainWindow.webContents.session.webRequest.onHeadersReceived(
(details, callback) => {
const headers = details.responseHeaders;
// Remove headers that block iframe embedding
if (headers) {
delete headers["x-frame-options"];
delete headers["X-Frame-Options"];
// Modify CSP to allow framing
if (headers["content-security-policy"]) {
headers["content-security-policy"] = headers["content-security-policy"]
.map(value => value.replace(/frame-ancestors[^;]*/gi, ''))
.filter(value => value.trim().length > 0);
if (headers["content-security-policy"].length === 0) {
delete headers["content-security-policy"];
}
}
if (headers["Content-Security-Policy"]) {
headers["Content-Security-Policy"] = headers["Content-Security-Policy"]
.map(value => value.replace(/frame-ancestors[^;]*/gi, ''))
.filter(value => value.trim().length > 0);
if (headers["Content-Security-Policy"].length === 0) {
delete headers["Content-Security-Policy"];
}
}
}
callback({ responseHeaders: headers });
}
);
mainWindow.once("ready-to-show", () => {
mainWindow.show();
});


@@ -326,8 +326,8 @@ export function ElectronLoginForm({
src={serverUrl}
className="w-full h-full border-0"
title="Server Authentication"
sandbox="allow-same-origin allow-scripts allow-forms allow-popups allow-popups-to-escape-sandbox allow-storage-access-by-user-activation allow-top-navigation allow-top-navigation-by-user-activation"
allow="clipboard-read; clipboard-write; cross-origin-isolated"
sandbox="allow-same-origin allow-scripts allow-forms allow-popups allow-popups-to-escape-sandbox allow-storage-access-by-user-activation allow-top-navigation allow-top-navigation-by-user-activation allow-modals allow-downloads"
allow="clipboard-read; clipboard-write; cross-origin-isolated; camera; microphone; geolocation"
/>
</div>
</div>
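Review bot: The new `allow` value delegates `camera; microphone; geolocation` to a frame titled "Server Authentication", and nothing in this hunk shows the login flow needing any of them. Since `src={serverUrl}` is a remote server and the sandbox already combines `allow-same-origin`, `allow-scripts` and `allow-top-navigation`, each added capability goes to whatever content that server returns. I would keep the previous `allow="clipboard-read; clipboard-write; cross-origin-isolated"` and add `allow-modals` / `allow-downloads` to `sandbox` only if a concrete login step fails without them, with a comment naming that step. Whether the main process installs a permission request handler that would still gate these requests is not visible here. The JSX element and the component body begin outside the hunk.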