在 iframe 中加载 React 应用程序时删除功能策略
[英]Feature policies dropped when React app is loaded in iframe
问题描述
I'm adding a feature to a react app (app A) which loads microservices in different tabs.
我正在向反应应用程序(应用程序 A)添加一个功能,该应用程序在不同的选项卡中加载微服务。 This is a legacy system and achieves this by using <iframe src="..."> returned as a component and consumed with <Route> .这是一个遗留系统,通过使用作为组件返回并与<Route>一起使用的<iframe src="...">来实现这一点。
Now the source in question loaded in the iframe also happens to be a react app (app B).现在加载在 iframe 中的相关源也恰好是一个反应应用程序(应用程序 B)。 When I run App B standalone and log document.featurePolicy.allowedFeatures() I see 46 items, 'microphone' included.当我独立运行 App B 并记录document.featurePolicy.allowedFeatures()时,我看到 46 个项目,包括'microphone' 。 The result of the same log after being loaded in App A's iframe is 6 items: ['picture-in-picture', 'document-domain', 'sync-xhr', 'ch-ua-platform', 'ch-ua-mobile', 'ch-ua'] .相同日志在App A的iframe中加载后的结果是6条: ['picture-in-picture', 'document-domain', 'sync-xhr', 'ch-ua-platform', 'ch-ua-mobile', 'ch-ua'] 。 I have tried logging the allowed features in App A (before it loads the iframe) and it results in 46 items.我尝试在 App A 中记录允许的功能(在加载 iframe 之前),结果是 46 个项目。 So somewhere between App A calling the iframe and App B loading itself, we are losing features.因此,在 App A 调用 iframe 和 App B 加载自身之间的某个地方,我们正在失去功能。
I have searched for solutions for a while now, I have tried this on chrome and firefox and I have tried using allow='microphone' in the iframe with * and the src url but no luck.我已经搜索了一段时间的解决方案,我在 chrome 和 firefox 上试过这个,我试过在 iframe 中使用allow='microphone'和 * 和 src url,但没有运气。 For context, here is a highlighted screenshot of the properties structure of the iframe: resulting iframe prop structure对于上下文,这里是 iframe 的属性结构的突出显示屏幕截图:结果 iframe 道具结构
Any ideas what might be dropping the policies or how I might be able to enforce them in App B, seeing as I can't seem to apply them via App A's iframe.任何想法可能会放弃这些策略,或者我如何能够在 App B 中执行它们,因为我似乎无法通过 App A 的 iframe 应用它们。
Update : I have tried explicitly adding Feature-Policy and Permissions-Policy response headers to App A (tried multiple sources for validation) but I still get the same result of them being dropped in transit to App B更新:我已尝试将 Feature-Policy 和 Permissions-Policy 响应标头显式添加到 App A(尝试了多个来源进行验证),但我仍然得到相同的结果,因为它们在传输到 App B 的过程中被丢弃
Update : I have also tried other iframe properties ( allowFullscreen , tabIndex , etc) and can confirm they work, but anything under allow seems to leave an empty string in the rendered properties and pushes it into reactInternalInstance.currentElement.props as shown in the screenshot.更新:我还尝试了其他 iframe 属性( allowFullscreen 、 tabIndex等)并且可以确认它们有效,但是allow下的任何内容似乎都会在呈现的属性中留下一个空字符串并将其推送到reactInternalInstance.currentElement.props中,如屏幕截图所示. When I use allowFullscreen this also adds 1 extra item to the allowedFeatures() array in App B so that means the iframe's feature policies can be modified from App A.当我使用allowFullscreen时,这还会向 App B 中的allowedFeatures()数组添加 1 个额外项目,这意味着可以从 App A 修改 iframe 的功能策略。
1 个解决方案
解决方案1
0 2022-06-01 12:44:40
So apparently React (or my version) doesn't know about or process some attributes in iframe, allow being one of them.所以显然 React(或我的版本)不知道或处理 iframe 中的某些属性, allow成为其中之一。 However, I managed to resolve it by passing the iframe element into dangerouslySetInnerHTML attribute of the parent .但是,我设法通过将 iframe 元素传递给 parent 的dangerouslySetInnerHTML属性来解决它。
声明:本站的技术帖子网页,遵循CC BY-SA 4.0协议,如果您需要转载,请注明本站网址或者原文地址。任何问题请咨询:yoyou2525@163.com.