Merge branch 'master' into sa-graphql-token-transfers-query-2

6 years ago · 37062d31f5
parent fa09f399d8 d8ffff1b16
commit 37062d31f5
3 changed files with 20 additions and 0 deletions
--- a/apps/block_scout_web/lib/block_scout_web/plug/allow_iframe.ex
+++ b/apps/block_scout_web/lib/block_scout_web/plug/allow_iframe.ex
@ -0,0 +1,14 @@
+defmodule BlockScoutWeb.Plug.AllowIframe do
+  @moduledoc """
+  Allows for iframes by deleting the
+  [`X-Frame-Options` header](https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/X-Frame-Options)
+  """
+
+  alias Plug.Conn
+
+  def init(opts), do: opts
+
+  def call(conn, _opts) do
+    Conn.delete_resp_header(conn, "x-frame-options")
+  end
+end
--- a/apps/block_scout_web/lib/block_scout_web/router.ex
+++ b/apps/block_scout_web/lib/block_scout_web/router.ex
@ -55,8 +55,14 @@ defmodule BlockScoutWeb.Router do
    max_complexity: @max_complexity
  )

+  # Disallows Iframes (write routes)
  scope "/", BlockScoutWeb do
    pipe_through(:browser)
+  end
+
+  # Allows Iframes (read-only routes)
+  scope "/", BlockScoutWeb do
+    pipe_through([:browser, BlockScoutWeb.Plug.AllowIframe])

    resources("/", ChainController, only: [:show], singleton: true, as: :chain)

--- a/apps/block_scout_web/test/block_scout_web/controllers/tokens/inventory_controller_test.exs
+++ b/apps/block_scout_web/test/block_scout_web/controllers/tokens/inventory_controller_test.exs