Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

chore: simulate cross-origin iframe in editor demo page #4460

Merged
merged 4 commits into from
Feb 10, 2025
Merged

chore: simulate cross-origin iframe in editor demo page #4460

merged 4 commits into from
Feb 10, 2025

Conversation

LarsTheGlidingSquirrel
Copy link
Member

@LarsTheGlidingSquirrel LarsTheGlidingSquirrel commented Feb 5, 2025
edited
Loading

The editor preview page is wrapped in an iframe where the embed using a subdomain. This simulates the cross-origin iframe embedding we have in the LTI integrations.

With this, we can quickly check if editor code changes also work in the LTI world. Also, we can quickly test iframe security attributes like sandbox and allow.

Unexpectedly, hot reload still works even though we are in an iframe. 🥳

However, the state is not added to the browser address bar.

@vercel Vercel
Copy link

vercel bot commented Feb 5, 2025
edited
Loading

The latest updates on your projects. Learn more about Vercel for Git ↗︎

Name Status Preview Updated (UTC)
frontend ✅ Ready (Inspect) Visit Preview Feb 6, 2025 0:50am

@github-actions GitHub Actions
Copy link
Contributor

github-actions bot commented Feb 5, 2025
edited
Loading

📦 Next.js Bundle Analysis for @serlo/frontend

This analysis was generated by the Next.js Bundle Analysis action. 🤖

This PR introduced no changes to the JavaScript bundle! 🙌

@elbotho
Copy link
Member

elbotho commented Feb 5, 2025
edited
Loading

Could you give a simple example of something that works same-origin but would fail with the new setup (for testing)?

@LarsTheGlidingSquirrel
Copy link
Member Author

LarsTheGlidingSquirrel commented Feb 6, 2025
edited
Loading

Could you give a simple example of something that works same-origin but would fail with the new setup (for testing)?

The interactive video worked fine in same-origin, but got stuck in loading for cross-origin. Maybe that is easy to test.
Also:

  • Access to local storage should be restricted for cross-origin, but I have not tested that yet.
  • Setting cookies behaves differently

elbotho
elbotho approved these changes Feb 10, 2025
View reviewed changes
Copy link
Member

@elbotho elbotho left a comment

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

👍

@elbotho elbotho merged commit 97b4bbb into staging Feb 10, 2025
8 checks passed
@elbotho elbotho deleted the cross-origin-iframe-simulation branch February 10, 2025 10:40
@github-actions github-actions bot mentioned this pull request Feb 10, 2025
Merged
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Reviewers

@elbotho elbotho elbotho approved these changes

@hejtful hejtful Awaiting requested review from hejtful

Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

Successfully merging this pull request may close these issues.
2 participants
@LarsTheGlidingSquirrel @elbotho