viktor/infra
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions

[ci skip] Sandbox proxy iframe to prevent frame-busting

Browse source 
Add sandbox attribute to prevent proxied pages from navigating
top.location or replacing the parent page body. Allows scripts,
same-origin, forms, popups, and presentation but blocks
top-navigation.
This commit is contained in:
Viktor Barzin 2026-02-21 21:25:51 +00:00
parent 450dfc28e4
commit fd7f22d8cc
No known key found for this signature in database
GPG key ID: 0EB088298288D958
2 changed files with 3 additions and 2 deletions
Download patch file Download diff file Expand all files Collapse all files

3
modules/kubernetes/f1-stream/files/static/js/streams.js
View file

@ -362,10 +362,11 @@ function openBrowserSession(streamId, streamTitle, streamURL) {
// Remove any existing iframe // Remove any existing iframe
contentEl.querySelectorAll('.browser-iframe').forEach(el => el.remove()); contentEl.querySelectorAll('.browser-iframe').forEach(el => el.remove());
// Create iframe // Create iframe with sandbox to prevent frame-busting and top-navigation
const iframe = document.createElement('iframe'); const iframe = document.createElement('iframe');
iframe.src = proxyURL; iframe.src = proxyURL;
iframe.className = 'browser-iframe'; iframe.className = 'browser-iframe';
iframe.setAttribute('sandbox', 'allow-scripts allow-same-origin allow-forms allow-popups allow-popups-to-escape-sandbox allow-presentation');
iframe.setAttribute('allowfullscreen', ''); iframe.setAttribute('allowfullscreen', '');
iframe.onload = function() { iframe.onload = function() {
loader.classList.add('hidden'); loader.classList.add('hidden');

2
modules/kubernetes/f1-stream/main.tf
View file

@ -37,7 +37,7 @@ resource "kubernetes_deployment" "f1-stream" {
} }
spec { spec {
container { container {
image = "viktorbarzin/f1-stream:v1.2.3" image = "viktorbarzin/f1-stream:v1.2.4"
name = "f1-stream" name = "f1-stream"
resources { resources {
limits = { limits = {