Merge pull request #1970 from jejbq/v2-master

Added iframe allow options

api/classes/organizr.class.php

@@ -2417,6 +2417,7 @@ class Organizr
 				$this->settingsOption('input', 'traefikDomainOverride', ['label' => 'Traefik Domain for Return Override', 'help' => 'Please use a FQDN on this URL Override', 'placeholder' => 'http(s)://domain']),
 				$this->settingsOption('select', 'debugAreaAuth', ['label' => 'Minimum Authentication for Debug Area', 'options' => $this->groupSelect(), 'settings' => '{}']),
 				$this->settingsOption('multiple', 'sandbox', ['override' => 12, 'label' => 'iFrame Sandbox', 'help' => 'WARNING! This can potentially mess up your iFrames', 'options' => $this->sandboxOptions()]),
+				$this->settingsOption('multiple', 'iframeAllow', ['override' => 12, 'label' => 'iFrame Allow', 'help' => 'WARNING! This can potentially mess up your iFrames', 'options' => $this->iframeAllowOptions()]),
 				$this->settingsOption('multiple', 'blacklisted', ['override' => 12, 'label' => 'Blacklisted IP\'s', 'help' => 'WARNING! This will block anyone with these IP\'s', 'options' => $this->makeOptionsFromValues($this->config['blacklisted']), 'settings' => '{tags: true}']),
 				$this->settingsOption('code-editor', 'blacklistedMessage', ['mode' => 'html']),
 			],
@@ -4434,6 +4435,7 @@ class Organizr
 				'debugArea' => $this->qualifyRequest($this->config['debugAreaAuth']),
 				'debugErrors' => $this->config['debugErrors'],
 				'sandbox' => $this->config['sandbox'],
+				'iframeAllow' => $this->config['iframeAllow'],
 				'expandCategoriesByDefault' => $this->config['expandCategoriesByDefault'],
 				'autoCollapseCategories' => $this->config['autoCollapseCategories'],
 				'autoExpandNavBar' => $this->config['autoExpandNavBar'],

api/config/default.php

@@ -464,6 +464,7 @@ return [
 	'localIPTo' => '',
 	'localIPList' => '',
 	'sandbox' => 'allow-presentation,allow-forms,allow-same-origin,allow-pointer-lock,allow-scripts,allow-popups,allow-modals,allow-top-navigation,allow-downloads,allow-orientation-lock,allow-popups-to-escape-sandbox,allow-top-navigation-by-user-activation',
+	'iframeAllow' => 'fullscreen,autoplay,clipboard-read,clipboard-write,camera,microphone,speaker-selection,display-capture,web-share,encrypted-media,picture-in-picture',
 	'description' => 'Organizr - Accept no others',
 	'debugErrors' => false,
 	'healthChecksURL' => 'https://healthchecks.io/api/v1/checks/',

api/functions/option-functions.php

@@ -645,6 +645,108 @@ trait OptionsFunction
 		];
 	}
 
+	public function iframeAllowOptions()
+	{
+		return [
+			[
+				'name' => 'Allow Clipboard Read',
+				'value' => 'clipboard-read'
+			],
+			[
+				'name' => 'Allow Clipboard Write',
+				'value' => 'clipboard-write'
+			],
+			[
+				'name' => 'Allow Camera',
+				'value' => 'camera'
+			],
+			[
+				'name' => 'Allow Microphone',
+				'value' => 'microphone'
+			],
+			[
+				'name' => 'Allow Speaker Selection',
+				'value' => 'speaker-selection'
+			],
+			[
+				'name' => 'Allow Encrypted Media',
+				'value' => 'encrypted-media'
+			],
+			[
+				'name' => 'Allow Web Share',
+				'value' => 'web-share'
+			],
+			[
+				'name' => 'Allow Capture the Screen',
+				'value' => 'display-capture'
+			],
+			[
+				'name' => 'Allow Screen Wake Lock',
+				'value' => 'screen-wake-lock'
+			],
+			[
+				'name' => 'Allow Geolocation',
+				'value' => 'geolocation'
+			],
+			[
+				'name' => 'Allow Autoplay Media',
+				'value' => 'autoplay'
+			],
+			[
+				'name' => 'Allow USB',
+				'value' => 'usb'
+			],
+			[
+				'name' => 'Allow MIDI',
+				'value' => 'midi'
+			],
+			[
+				'name' => 'Allow Fullscreen',
+				'value' => 'fullscreen'
+			],
+			[
+				'name' => 'Allow Payment',
+				'value' => 'payment'
+			],
+			[
+				'name' => 'Allow Picture-in-Picture',
+				'value' => 'picture-in-picture'
+			],
+			[
+				'name' => 'Allow Gamepad',
+				'value' => 'gamepad'
+			],
+			[
+				'name' => 'Allow WebXR Spatial Tracking (VR)',
+				'value' => 'xr-spatial-tracking'
+			],
+			[
+				'name' => 'Allow Accelerometer Sensor',
+				'value' => 'accelerometer'
+			],
+			[
+				'name' => 'Allow Gyroscope Sensor',
+				'value' => 'gyroscope'
+			],
+			[
+				'name' => 'Allow Magnetometer Sensor',
+				'value' => 'magnetometer'
+			],
+			[
+				'name' => 'Allow Ambient Light Sensor',
+				'value' => 'ambient-light-sensor'
+			],
+			[
+				'name' => 'Allow Battery Status',
+				'value' => 'battery'
+			],
+			[
+				'name' => 'Allow Sync XMLHttpRequest',
+				'value' => 'sync-xhr'
+			],
+		];
+	}
+
 	public function calendarLocaleOptions()
 	{
 		return [

js/functions.js

@@ -3107,8 +3107,11 @@ function buildFrame(id, split = null){
     var sandbox = activeInfo.settings.misc.sandbox;
     sandbox = sandbox.replace(/,/gi, ' ');
     sandbox = (sandbox) ? ' sandbox="' + sandbox + '"' : '';
+    var allow = activeInfo.settings.misc.iframeAllow;
+    allow = allow.replace(/,/gi, '; ');
+    allow = (allow) ? ' allow="' + allow + '"' : '';
 	return `
-		<iframe allow="clipboard-read; clipboard-write" allowfullscreen="true" frameborder="0" id="frame-`+extra+id+`" `+sandbox+` scrolling="auto" src="`+tabInfo.access_url+`" class="iframe"></iframe>
+		<iframe `+allow+` frameborder="0" id="frame-`+extra+id+`" `+sandbox+` scrolling="auto" src="`+tabInfo.access_url+`" class="iframe"></iframe>
 	`;
 }
 function buildFrameContainer(id, split = null){