humanmade / protected-embeds

A drop-in replacement for WordPress.com protected embeds

Use defined embeds domain to serve protected embeds from #4

goldenapples closed 8 years ago

goldenapples commented 8 years ago

I assume this was the intention initially. It's important to serve these embeds from a different domain than the site login cookie is set on, so as to avoid leaking auth or other cookies to potentially untrusted embed providers. This updates the src of the iframe appropriately to keep cookies from being sent to it.

See #3
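
As an added illustration of the point in the description above (not code from this pull request or plugin), this PHP sketch applies the RFC 6265 domain-match rule to check whether a site's login cookie would be sent to a given embed host. The function names and sample hosts are constructed for the example, and cookie Path and Secure attributes are ignored.

```php
<?php
declare(strict_types=1);

// RFC 6265 section 5.1.3 domain-match: the host equals the cookie domain,
// or is a subdomain of it. IP literals only match exactly.
function cookie_domain_matches(string $host, string $cookie_domain): bool {
    $host   = strtolower(rtrim($host, '.'));
    $domain = strtolower(trim($cookie_domain, '.')); // a leading dot is ignored
    if ($domain === '' || $host === '') {
        return false;
    }
    if ($host === $domain) {
        return true;
    }
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return false;
    }
    $suffix = '.' . $domain;
    return substr($host, -strlen($suffix)) === $suffix;
}

// $cookie_domain_attr is the Domain attribute the site sets on its login
// cookie; '' means a host-only cookie, which is sent to $site_host alone.
function embed_host_receives_site_cookies(
    string $site_host,
    string $cookie_domain_attr,
    string $embed_host
): bool {
    if (trim($cookie_domain_attr, '.') === '') {
        return strtolower(rtrim($embed_host, '.')) === strtolower(rtrim($site_host, '.'));
    }
    return cookie_domain_matches($embed_host, $cookie_domain_attr);
}

// Constructed sample configurations (hypothetical hosts, not from the plugin).
$cases = [
    ['www.example.com', '',             'www.example.com'],    // iframe on the site's own host
    ['www.example.com', '',             'embeds.example.com'], // host-only cookie, sibling host
    ['www.example.com', '.example.com', 'embeds.example.com'], // cookie scoped to parent domain
    ['www.example.com', '.example.com', 'example-embeds.net'], // unrelated embed domain
];
foreach ($cases as [$site, $attr, $embed]) {
    $leaks = embed_host_receives_site_cookies($site, $attr, $embed);
    printf("site=%s cookie_domain=%s embed=%s -> %s\n",
        $site, $attr === '' ? '(host-only)' : $attr, $embed,
        $leaks ? 'cookies sent to embed' : 'isolated');
}
```

A subdomain of the site only isolates the iframe when the login cookie is host-only; a cookie scoped to the parent domain still reaches it, which is why a separate embed domain is the safer choice.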

goldenapples commented 8 years ago

@joehoyle Care to review this for me? I think it fixes a problem we're having.

joehoyle commented 8 years ago

Doh! My bad, thanks for the patch.