filestash icon indicating copy to clipboard operation
filestash copied to clipboard

Published 20 hours ago • verified publisher icon mickael-kerjean

[bug] Not able to use filestash inside iframe

Open alanmilinovic opened this issue 2 years ago • 7 comments

Description of the bug

Tried to include it in Home assistant but getting error. Refused to frame because an ancestor violates the following Content Security Policy directive: "frame-ancestors.

Step by step instructions to reproduce the bug

Simply try to use it in any iframe html element.

Can you replicate that error from the demo?

Cannot be tested as demo is working over https, that is a different behaviour and problem.

Observed behavior

Framing filestash in iframe should be allowed in my opinion.

alanmilinovic avatar Dec 04 '22 22:12 alanmilinovic

Iframe is blocked by default because it would open your instance to clickjacking attacks. That's the reason this exists: image essentially you need to opt in to iframe to avoid the security issue and that's how it was setup on the main website

mickael-kerjean avatar Dec 07 '22 22:12 mickael-kerjean

When I use domain with port it is working. But when I use ip with the port I get dead screen with cat.

alanmilinovic avatar Dec 07 '22 23:12 alanmilinovic

Also login is not working (not Authorised) once I add domains. It doesn't matter if I try within iframe or direct url, as soon as iframe property is filed, login stop working.

alanmilinovic avatar Dec 07 '22 23:12 alanmilinovic

Any idea what could be wrong? Do you have enough information for testing?

alanmilinovic avatar Dec 10 '22 18:12 alanmilinovic

Is this planned to be fixed in near future?

alanmilinovic avatar Jan 10 '23 06:01 alanmilinovic

Any news?

alanmilinovic avatar Feb 01 '23 12:02 alanmilinovic

This issue has been automatically marked as stale because it has not had recent activity. It will be closed if no further activity occurs. Thank you for your contributions.

stale[bot] avatar Jun 18 '23 14:06 stale[bot]