Closed acelaya closed 4 months ago
For others ending up here, we have found two workarounds for this:
allow
property by using Object.defineProperty
.
const iframe = document.createElement('iframe');
iframe.allow = '...'; // Set permissions you need
Object.defineProperty(iframe, 'allow', { writable: false });
document.body.appendChild(iframe);
Element.append
instead of Element.appendChild
, as that goes through a different logic branch which does not end up overwriting the attribute.
const iframe = document.createElement('iframe');
iframe.allow = '...'; // Set permissions you need
document.body.append(iframe);
The first one could potentially throw if using strict mode, when wombat tries to set the attribute, but it's easier to reason about and document.
Yes, that was likely an oversight, can definitely just add to the existing allow attribute. Would welcome a PR if you have already tested this!
Yes, that was likely an oversight, can definitely just add to the existing allow attribute. Would welcome a PR if you have already tested this!
Thanks! I'll get something ready and sent.
@ikreymer I created the PR some time ago, as discussed https://github.com/webrecorder/wombat/pull/134
Let me know if that's the right way to go.
Sorry for the delay, made a comment on the PR now, just wondering if simpler approach would also work, otherwise can do that.
Sorry for the delay, made a comment on the PR now, just wondering if simpler approach would also work, otherwise can do that.
Thanks! I tried to clarify the reason I implemented it in that way. Let me know what you think.
Thanks for the updated PR. Released in 3.7.1!
We have just noticed wombat is overwriting the
allow
attribute on iframes, instead of adding permissions on top of it. See https://github.com/webrecorder/wombat/blob/e75780e50aae36f0cb72ec0f41f2f5e208d03658/src/wombat.js#L1658In our case, we have some logic that creates iframes with other permissions that needs to be kept. Ideally (unless I'm missing something) wombat should add
autoplay 'self'
andfullscreen 'self'
on top of whatever is already set.We can provide a PR changing this logic, unless there's a reason for this behavior.