libreoffice-online/loleaflet/html
Mert Tumer 70f573f3b2 Implemented an option to pass PostMessageOrigin
External apps load loolwsd inside the iframe
and loolwsd makes postmessages to parent window.
We receive the postMessageOrigin from checkfileInfo yet
we still send some messages before we even go to the WOPI Api
in that case, if parent window runs on a different domain, we
end up with CORS blocking by the browser. To prevent that we can
allow safely passing the origin inside the first post like access_token
and sanitize it with Poco::URI::encode.

Signed-off-by: Mert Tumer <mert.tumer@collabora.com>
Change-Id: I5724f2d103603a599d45b7f61da81fb30834ef0e
2021-09-07 10:36:07 +02:00
..
framed.doc.html
framed.html
load.doc.html
loleaflet-help.html
loleaflet.html.m4
multidocs.html
signing-identities.html