Embeddable form as a nuxt middleware

Julien Nahum 2024-01-12 11:35:50 +01:00
parent 838ddcf2e7
commit 198aac246c
3 changed files with 9 additions and 39 deletions


@ -4,7 +4,6 @@ namespace App\Http;
use App\Http\Middleware\AuthenticateJWT; use App\Http\Middleware\AuthenticateJWT;
use App\Http\Middleware\CustomDomainRestriction; use App\Http\Middleware\CustomDomainRestriction;
use App\Http\Middleware\EmbeddableForms;
use App\Http\Middleware\IsAdmin; use App\Http\Middleware\IsAdmin;
use App\Http\Middleware\IsNotSubscribed; use App\Http\Middleware\IsNotSubscribed;
use App\Http\Middleware\IsSubscribed; use App\Http\Middleware\IsSubscribed;
@ -46,12 +45,10 @@ class Kernel extends HttpKernel
\Illuminate\View\Middleware\ShareErrorsFromSession::class, \Illuminate\View\Middleware\ShareErrorsFromSession::class,
\App\Http\Middleware\VerifyCsrfToken::class, \App\Http\Middleware\VerifyCsrfToken::class,
\Illuminate\Routing\Middleware\SubstituteBindings::class, \Illuminate\Routing\Middleware\SubstituteBindings::class,
EmbeddableForms::class
], ],
'spa' => [ 'spa' => [
\Illuminate\Routing\Middleware\SubstituteBindings::class, \Illuminate\Routing\Middleware\SubstituteBindings::class,
EmbeddableForms::class
], ],
'api' => [ 'api' => [


@ -1,36 +0,0 @@
<?php
namespace App\Http\Middleware;
use Closure;
use Illuminate\Http\Response;
class EmbeddableForms
{
/**
* Handle an incoming request.
*
* @param \Illuminate\Http\Request $request
* @param \Closure $next
*
* @return mixed
*/
public function handle($request, Closure $next)
{
if ($request->expectsJson() || $request->wantsJson()) {
return $next($request);
}
$response = $next($request);
if (!str_starts_with($request->url(), url('/forms/'))) {
if ($response instanceof Response) {
$response->header('X-Frame-Options', 'SAMEORIGIN');
} elseif ($response instanceof \Symfony\Component\HttpFoundation\Response) {
$response->headers->set('X-Frame-Options', 'SAMEORIGIN');
}
}
return $response;
}
}

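--- /dev/null
+++ b/client/server/plugins/embeddable.js
@@ -0,0 +1,9 @@
+export default defineNitroPlugin(nitroApp => {
+nitroApp.hooks.hook('render:response', (response, { event }) => {
+const routePath= event.context.params._
+if (!routePath.startsWith('forms/')) {
+// Only allow embedding of forms
+response.headers['X-Frame-Options'] = 'sameorigin'
+}
+})
+})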
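Review bot: The `render:response` hook reads `event.context.params._` without checking that it exists, so for any rendered route where `params` or its catch-all entry is missing, `routePath.startsWith` would throw before the `X-Frame-Options` header is set, and the anti-framing guard would presumably fail open. Default the value instead, `const routePath = event.context.params?._ ?? ''`, so that every response not clearly under `forms/` still gets the header. Consider also sending `Content-Security-Policy: frame-ancestors 'self'` on the same branch, since current browsers treat it as the replacement for `X-Frame-Options`. The Laravel middleware deleted in this commit applied the header to the `web` and `spa` groups, so if the backend still serves any HTML directly (not visible here), those responses are no longer covered.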