Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

X-Frame-Options always set to deny #549

Closed
louishuyng opened this issue Nov 10, 2023 · 8 comments
Closed

X-Frame-Options always set to deny #549

louishuyng opened this issue Nov 10, 2023 · 8 comments
Labels
bug Something isn't working

Comments

@louishuyng
Copy link
Contributor

louishuyng commented Nov 10, 2023
edited
Loading

Before opening an issue please make sure you have consulted the Lookbook documentation (in particular the Troubleshooting section) and have checked the existing issues to see if this has already been reported.

Describe the bug

In the line where I debug, there is a condition headers["X-Frame-Options"] == "DENY". To change headers["X-Frame-Options"] back to "SAMEORIGIN"

The condition can not run because the value of headers["X-Frame-Options"] is in lowercase value "deny"

Source code: https://github.dev/ViewComponent/lookbook/blob/main/app/controllers/lookbook/previews_controller.rb

To Reproduce

Steps to reproduce the behavior:

I think we can add some changes like below to prevent this bug happening
From: headers["X-Frame-Options"] == "DENY"
To: headers["X-Frame-Options"].downcase == "deny"

 def permit_framing
    headers["X-Frame-Options"] = Lookbook.config.preview_embeds.policy if embedded?
    headers["X-Frame-Options"] = "SAMEORIGIN" if headers["X-Frame-Options"].downcase == "DENY"
  end

Expected behavior

It should set headers["X-Frame-Options"] to "SAMEORIGIN"

Screenshots

image

Version numbers

Please complete the following information:

  • Lookbook: 2.1.1
  • ViewComponent: 2.64.0
  • Rails: 7.0.4
  • Ruby: 3.2.1

Additional context

Add any other context about the problem here.
@louishuyng louishuyng added the bug Something isn't working label Nov 10, 2023
@allmarkedup
Copy link
Collaborator

Hey @louishuyng, many thanks for this. I think it definitely makes sense to normalize the strings to lower or uppercase before comparing them here.

Would you be happy to open a PR with your suggested change?

@louishuyng louishuyng mentioned this issue Nov 22, 2023
Merged
@louishuyng
Copy link
Contributor Author

@allmarkedup here is the PR for that: #554. I guess it just small changes there is enough for fixing this issue

@allmarkedup
Copy link
Collaborator

@louishuyng merged now :) Many thanks for your time on this, much appreciated.

@adrienpoly
Copy link
Contributor

@louishuyng I am getting an error now when I upgraded to 2.20

CleanShot 2023-11-27 at 10 58 22@2x

@louishuyng
Copy link
Contributor Author

@adrienpoly could you help to contribute for that. I believe we just simply check nil for that before calling upcase method

headers["X-Frame-Options"]&.upcase == "DENY"

@adrienpoly
Copy link
Contributor

I will test it, I am pretty sure your proposal should fix it

@adrienpoly
Copy link
Contributor

@louishuyng yes it does fix the issue

@adrienpoly adrienpoly mentioned this issue Nov 28, 2023
Merged
@adrienpoly
Copy link
Contributor

I opened #561 to fix that

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
bug Something isn't working
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
3 participants
@allmarkedup @adrienpoly @louishuyng