Add noop setter to sidebar iframe allow attribute

3e8d9d68 · Alejandro Celaya · Alejandro Celaya · ef21b690 · 3e8d9d68 · 3e8d9d68
Commit 3e8d9d68 authored Feb 22, 2024 by Alejandro Celaya Committed by Alejandro Celaya Feb 23, 2024
Show whitespace changes
Inline Side-by-side

Showing with 9 additions and 5 deletions

sidebar.tsx src/annotator/sidebar.tsx +5 -2

sidebar-test.js src/annotator/test/sidebar-test.js +4 -3

No files found.
--- a/src/annotator/sidebar.tsx
+++ b/src/annotator/sidebar.tsx
@@ -89,9 +89,12 @@ export function createSidebarIframe(config: SidebarConfig): HTMLIFrameElement {

  // In viahtml, pywb uses wombat.js, which monkey-patches some JS methods.
  // One of those causes the `allow` attribute to be overwritten, so we want to
-  // make it non-writable to preserve the permissions we set above.
+  // define a noop setter to preserve the permissions we set above.
+  // We can remove this workaround once pywb has been updated to use the latest
+  // version of wombat.js, which includes a fix for this.
+  // See https://github.com/webrecorder/wombat/pull/134
  return Object.defineProperty(sidebarFrame, 'allow', {
-    writable: false,
+    set: () => {},
  });
 }


--- a/src/annotator/test/sidebar-test.js
+++ b/src/annotator/test/sidebar-test.js
@@ -1142,10 +1142,11 @@ describe('Sidebar', () => {
  describe('createSidebarIframe', () => {
    it('does not let `allow` attribute to be overwritten', () => {
      const iframe = createSidebarIframe({ sidebarAppUrl: 'https://foo.com' });
+      const initialAllow = iframe.allow;

-      assert.throws(() => {
      iframe.allow = 'something else';
-      }, "Cannot assign to read only property 'allow' of object '#<HTMLIFrameElement>'");
+
+      assert.equal(iframe.allow, initialAllow);
    });
  });
 });