The `/toolbar/:org/:project/iframe/` view (not `/login-success/`) page should check that the `referer` header matches with the list of saved "Allowed Origins" within the project settings. This happens after the user is logged in.

We have the `project` url parameter, so we should be able to lookup the allow list. Project name/slug/id should all be supported in the url. Wildcard subdomains are possible in the allowlist, the port must match too if specified.

If the domain is allowed then we'll pass a variable into the template to indicate that. `domain_is_allowed = True`

Else, if the domain is not allowed, then the variable will be set to something else. `domain_is_allowed = True`

The specific variable doesn't super matter, what matters is:

- we're doing the check
- can see the result of the check in the template

In the future we might have two templates, one for each case. But at this point there's no need.
Depends on #77213
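
A sketch of the allowlist check this issue asks for, added here as an example; it is not Sentry's code. The entry syntax (a `*.` prefix for wildcard subdomains, an optional scheme and an optional `:port`), the function names and the sample origins are assumptions, as is the choice that `*.example.com` does not cover the bare `example.com`.

```python
from urllib.parse import urlsplit

DEFAULT_PORTS = {"http": 80, "https": 443}

def split_entry(entry):
    """Split an allowlist entry into (scheme, host, port); scheme and port may be None."""
    entry = entry.strip().lower().rstrip("/")
    scheme, sep, rest = entry.partition("://")
    if not sep:                      # entry carried no scheme
        scheme, rest = None, entry
    host, _, port = rest.partition(":")
    return scheme, host, port or None

def referer_is_allowed(referer, allowed_origins):
    """Return True only if the Referer's origin matches an allowlist entry."""
    if not referer:
        return False                 # missing header: fail closed
    try:
        parts = urlsplit(referer)
        host, port = parts.hostname, parts.port   # .port raises on junk ports
    except ValueError:
        return False
    if parts.scheme not in DEFAULT_PORTS or not host:
        return False
    if port is None:
        port = DEFAULT_PORTS[parts.scheme]
    for entry in allowed_origins:
        want_scheme, want_host, want_port = split_entry(entry)
        if want_scheme and want_scheme != parts.scheme:
            continue
        if want_port is not None and want_port != str(port):
            continue                 # port is compared only when the entry names one
        if want_host.startswith("*."):
            # Compare against ".example.com" so "evilexample.com" cannot match.
            if host.endswith(want_host[1:]):
                return True
        elif host == want_host:
            return True
    return False

# Constructed sample allowlist, standing in for a project's "Allowed Origins".
ALLOWED = ["*.example.com", "app.example.org:8443", "https://dev.example.net"]

if __name__ == "__main__":
    for ref in ("https://app.example.com/page", "https://evilexample.com/",
                "https://app.example.org/x", None):
        print(ref, "->", {"domain_is_allowed": referer_is_allowed(ref, ALLOWED)})
```

The check parses the header and compares the hostname, never a substring of the raw URL, so lookalike hosts such as `app.example.com.evil.test` are rejected.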