From 1ced0c5fe1d2c95d5fa7e775b8e42f16b76d664c Mon Sep 17 00:00:00 2001
From: gabriellsh
Date: Fri, 15 Sep 2023 15:58:49 -0300
Subject: [PATCH] POC
---
 apps/meteor/server/main.ts | 1 +
 apps/meteor/server/routes/iframeLogin.ts | 50 ++++++++++++++++++++++++
 2 files changed, 51 insertions(+)
 create mode 100644 apps/meteor/server/routes/iframeLogin.ts
diff --git a/apps/meteor/server/main.ts b/apps/meteor/server/main.ts
index 5579261911f5..9a7c4fb1043b 100644
--- a/apps/meteor/server/main.ts
+++ b/apps/meteor/server/main.ts
@@ -75,6 +75,7 @@ import './publications/spotlight';
 import './publications/subscription';
 import './routes/avatar';
 import './routes/health';
+import './routes/iframeLogin';
 import './routes/i18n';
 import './routes/timesync';
 import './routes/userDataDownload';
diff --git a/apps/meteor/server/routes/iframeLogin.ts b/apps/meteor/server/routes/iframeLogin.ts
new file mode 100644
index 000000000000..8abf8941862e
--- /dev/null
+++ b/apps/meteor/server/routes/iframeLogin.ts
@@ -0,0 +1,50 @@
+import { randomUUID } from 'crypto';
+
+import { WebApp } from 'meteor/webapp';
+
+const response = (nonce: string) => `
+
+
+
+ Web Page with Message Event
+
+
+
+
+`;
+
+WebApp.rawConnectHandlers.use('/iframeLogin', async (_req, res) => {
+ res.setHeader('Cache-Control', 'public, max-age=31536000');
+ res.setHeader('Content-Type', 'text/html; charset=utf-8');
+
+ const nonce = randomUUID();
+
+ res.setHeader('Content-Security-Policy', `script-src 'nonce-${nonce}'`);
+
+ res.writeHead(200);
+ res.end(response(nonce));
+});
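Review bot: The `Cache-Control: public, max-age=31536000` header in the `/iframeLogin` handler lets browsers and shared caches store a response whose CSP nonce is meant to be unique per request, so one nonce value (in both the header and the page) could be replayed for up to a year and stops being unguessable. Send the page uncached instead, e.g. `res.setHeader('Cache-Control', 'no-store');`. The policy also sets only `script-src`; since the route name suggests the page is meant to be framed, a `frame-ancestors <expected-parent-origin>` directive (placeholder value) would bound who may embed it. The template's markup and its message handler are not visible in this view, so confirm separately that the handler checks `event.origin` against an allow-list before acting on a message.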