Allow downloads from widgets (#7502)

Notes: Allow downloads from widgets.

We are working on a widget that allows the user to download a file (a ICS calendar entry). Right now the sandbox of the widget iframe doesn't allow downloading. Instead, the following error is displayed in the console (for Google Chrome):

```
Download is disallowed. The frame initiating or instantiating the download is sandboxed, but the flag ‘allow-downloads’ is not set. See https://www.chromestatus.com/feature/5706745674465280 for more details.
```

Therefore this PR adds `allow-downloads` to the sandbox capabilities.

Steps to reproduce:
1. Create a simple widget with an `index.html` file like, e.g.
   ```
     <a href="index.html" download>Download</a>
   ```
2. Host the widget somewhere, add it to the room and open the widget
3. Click on the download button
  * Without the fix: Nothing happens, there is a warning in the console (see above)
  * With the fix: The file is downloaded

Signed-off-by: Oliver Sand <oliver.sand@nordeck.net>
pull/21833/head
Oliver Sand 2022-01-21 00:52:06 +01:00 committed by GitHub
parent 98e1c311c4
commit 2e6f616e91
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 1 additions and 1 deletions

View File

@ -454,7 +454,7 @@ export default class AppTile extends React.Component<IProps, IState> {
// hosted on the same origin as the client will get the same access as if you clicked
// a link to it.
const sandboxFlags = "allow-forms allow-popups allow-popups-to-escape-sandbox " +
"allow-same-origin allow-scripts allow-presentation";
"allow-same-origin allow-scripts allow-presentation allow-downloads";
// Additional iframe feature pemissions
// (see - https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-permissions-in-cross-origin-iframes and https://wicg.github.io/feature-policy/)