From 2b7f8aa6d0bb55d80a1e9db96d2d221e55013b2c Mon Sep 17 00:00:00 2001 From: Irakli Gozalishvili Date: Wed, 23 Apr 2025 08:41:25 -0700 Subject: [PATCH 1/7] chore: move bootstrap code into own script --- charm/src/iframe/static.ts | 456 +--------------- .../public/module/charm/sandbox/bootstrap.js | 502 ++++++++++++++++++ jumble/vite.config.ts | 1 + scripts/build-binaries.ts | 5 +- toolshed/routes/frontend/frontend.index.ts | 9 + 5 files changed, 520 insertions(+), 453 deletions(-) create mode 100644 jumble/public/module/charm/sandbox/bootstrap.js diff --git a/charm/src/iframe/static.ts b/charm/src/iframe/static.ts index 5f8c3c830..0d714053e 100644 --- a/charm/src/iframe/static.ts +++ b/charm/src/iframe/static.ts @@ -14,6 +14,8 @@ const libraries = { "https://esm.sh/@use-gesture/react@10.3.0?external=react", "uuid": "https://esm.sh/uuid@11.0.1", "tone": "https://esm.sh/tone@15.0.4", + "common-tools/charm/sandbox/bootstrap": + new URL("/module/charm/sandbox/bootstrap.js", import.meta.url).href, }, }; @@ -35,457 +37,9 @@ ${JSON.stringify(libraries)} - + - - - + From 606147302bc1ceb99abbd9ec5ba4c71438c6b5f0 Mon Sep 17 00:00:00 2001 From: Irakli Gozalishvili Date: Wed, 23 Apr 2025 11:03:19 -0700 Subject: [PATCH 7/7] chore: add comment for the CORS setup --- toolshed/routes/frontend/frontend.index.ts | 3 +++ 1 file changed, 3 insertions(+) diff --git a/toolshed/routes/frontend/frontend.index.ts b/toolshed/routes/frontend/frontend.index.ts index 347e4089e..5a413cfb6 100644 --- a/toolshed/routes/frontend/frontend.index.ts +++ b/toolshed/routes/frontend/frontend.index.ts @@ -9,6 +9,9 @@ const router = createRouter(); router.use( "*", + // Setup CORS so that modules imported from sandboxed null-origin iframe are rejected. + // Specifically we need this to be able to import ./jumble/public/module/charm/sandbox/bootstrap.js + // from sandboxed iframe cors({ origin: "*", allowMethods: ["GET", "OPTIONS"],