Comments (10)
I'll look into it. Do you know which specific sandbox options that would work with your desired content, while not breaking anything for other applications such as PlexPy, NzbGet and others?
The easiest is to do a "catch all" that applies the same sandbox settings to all iframes - having it be a config option would probably make the config even more confusing (though I'm expecting some administration GUI to be merged into Muximux after the work of @SyNiK4L).
Do you have examples of web interfaces that require sandbox mode? I know TPB breaks out of iframes, but I'd be glad if I knew which web interfaces to test against.
from muximux.
Maybe you could just have a config option that lets you set a string of flags to send, so it would be up to the user to add the options they want... like:
iframe_sandbox_opts = "allow-forms allow-pointer-lock".
Then the PHP code could simply put that option (if provided) inside the sandbox= option of the iframe for each entry.
from muximux.
@evanmj - absolutely - I just don't want to make the config to confusing, so if there was something that would work for everyone, that'd be great. I haven't fiddled with sandbox options previously, so I'm not aware of the drawbacks of each option.
If it turns out there's no one single setting that would work for everything, I'll do just what you described.
from muximux.
Just tested sandbox="allow-forms allow-same-origin allow-pointer-lock allow-scripts"
which fixes the problem described in #8 , however - before pushing this, could @creoden verify either by supplying a link to a website/web frontend that I can test on (that currently breaks), or if you could modify muximux.php on your end to include sandbox=\"allow-forms allow-same-origin allow-pointer-lock allow-scripts\"
on the iframes to see if that solves your case. If it works, I'll push this asap.
I've tested this with Pydio, Sonarr, CouchPotato, ruTorrent, NZBGet, Headphones, NZBHydra, Plex, Netflix, ThePirateBay and PlexRequests without a problem.
from muximux.
The problem with using sandbox with everything is that it will prevent you from a submitting any changes on a page.
For most pages it isn't needed but for a few media streamers I have (all internal) they don't like iFrames, and by using sandbox it prevents them from breaking out of them. The options I use on the iframe is sandbox="allow-forms allow-scripts allow-same-origin" ., which does the following
allow-forms Re-enables form submission
allow-scripts Re-enables scripts
allow-same-origin Allows the iframe content to be treated as being from the same origin
Allow-same-origin is needed as my media streamers are on a different subnet and breaks some of the interactions.
one page I have found that is a good example is http://www.pogdesign.co.uk/cat/ try loading that in an iframe...
from muximux.
I was under the impression that doing sandbox="allow-forms"
re-enables the ability to submit changes (i.e POST data).
<iframe sandbox="allow-forms allow-same-origin allow-pointer-lock allow-scripts" allowfullscreen="true" webkitallowfullscreen="true" mozallowfullscreen="true" scrolling="auto" src="https://www.pogdesign.co.uk/cat/"></iframe>
seems to be working beautifully for me, or is there some specific action you can not do? What webbrowser are you using?
from muximux.
Nope, you are correct, allow-forms fixes the submission issue, Sorry I was going back to running everything in a sandbox environment although might not break anything right now, isn't always the best option, and that using something like @evanmj said with "iframe_sandbox_opts =" might break more things if users didn't put in the appropriate options, one being sandbox="allow-forms"
and yea, thats pretty much what I was using for accessing my media streamers in an iframe
from muximux.
I'll push 2 changes and close this issue (you're free to re-open if it turns out the issue persists).
The 2 changes are:
style.css:
Add background color (white) to iframes - it defaults to transparent in webkit, which makes some sites such as kat.cr look awkwardly because they hadn't defined a background-color (they rely on default rendered background to be white).
muximux.php:
Add iframe sandbox="allow-forms allow-same-origin allow-pointer-lock allow-scripts"
from muximux.
Thats perfect!
from muximux.
Looks like the sandbox option possibly breaks sabnzbd, it doesn't allow me to clear errors from the web interface, and something is preventing its popups, as discussed in the chat, adding allow-modals and allow-popups resolves this
from muximux.
Related Issues (20)
- Muximux hangs forever
- Disable updates by adding override file
- multi-user config selection HOT 2
- Keyboard focus on guacamole
- Requesting http instead of https HOT 1
- Project Abandoned? HOT 3
- Settings.ini.php error HOT 4
- IMDB list is not syncing HOT 1
- Composer problem HOT 1
- Unable to connect to Sabnzbd HOT 3
- Muximux docker cert error HOT 1
- Home icon missing in Splash screen
- Question: Which URL should I be using? HOT 2
- Plex in Muximux not working HOT 1
- Add overseerr icon
- Muximux tries to load assets from root instead of subdirectory
- Manually input colour values?
- Reduce padding left and right of app icons
- settings.ini.php corruption HOT 2
- Docker image by linuxserver deprecated
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from muximux.