Add noop setter to sidebar iframe allow attribute

hypothesis · Feb 23, 2024 · 3e8d9d6 · 3e8d9d6
1 parent ef21b69
commit 3e8d9d6
Show file tree

Hide file tree

Showing 2 changed files with 9 additions and 5 deletions.
diff --git a/src/annotator/sidebar.tsx b/src/annotator/sidebar.tsx
@@ -89,9 +89,12 @@ export function createSidebarIframe(config: SidebarConfig): HTMLIFrameElement {
 
   // In viahtml, pywb uses wombat.js, which monkey-patches some JS methods.
   // One of those causes the `allow` attribute to be overwritten, so we want to
-  // make it non-writable to preserve the permissions we set above.
+  // define a noop setter to preserve the permissions we set above.
+  // We can remove this workaround once pywb has been updated to use the latest
+  // version of wombat.js, which includes a fix for this.
+  // See https://github.com/webrecorder/wombat/pull/134
   return Object.defineProperty(sidebarFrame, 'allow', {
-    writable: false,
+    set: () => {},
   });
 }
 

diff --git a/src/annotator/test/sidebar-test.js b/src/annotator/test/sidebar-test.js
@@ -1142,10 +1142,11 @@ describe('Sidebar', () => {
   describe('createSidebarIframe', () => {
     it('does not let `allow` attribute to be overwritten', () => {
       const iframe = createSidebarIframe({ sidebarAppUrl: 'https://foo.com' });
+      const initialAllow = iframe.allow;
 
-      assert.throws(() => {
-        iframe.allow = 'something else';
-      }, "Cannot assign to read only property 'allow' of object '#<HTMLIFrameElement>'");
+      iframe.allow = 'something else';
+
+      assert.equal(iframe.allow, initialAllow);
     });
   });
 });