From 0e9b4bcbae7f125b05753d05f2c53861639d4324 Mon Sep 17 00:00:00 2001
From: Alexander Schwartz
Date: Sun, 24 Mar 2024 14:55:23 +0100
Subject: [PATCH] Add `structurizr.com` to the allow-list to show contents in an iframe in the preview (#1510)

---
 CHANGELOG.adoc | 1 +
 .../asciidoc/intellij/editor/javafx/PreviewStaticServer.java | 2 +-
 2 files changed, 2 insertions(+), 1 deletion(-)

diff --git a/CHANGELOG.adoc b/CHANGELOG.adoc
index b09745a9b..5f7d9b5c2 100644
--- a/CHANGELOG.adoc
+++ b/CHANGELOG.adoc
@@ -15,6 +15,7 @@ This document provides a high-level view of the changes introduced by release.
 - Avoid NPE when searching for Java references (#1582)
 - Avoid invalidated objects when searching for Java references (#1583)
 - Close files before converting file from Markdown to AsciiDoc (#1584)
+- Add `structurizr.com` to the allow-list to show contents in an iframe in the preview (#1510)
 
 === 0.41.10
 
diff --git a/src/main/java/org/asciidoc/intellij/editor/javafx/PreviewStaticServer.java b/src/main/java/org/asciidoc/intellij/editor/javafx/PreviewStaticServer.java
index 2e058c1c8..222dca68b 100644
--- a/src/main/java/org/asciidoc/intellij/editor/javafx/PreviewStaticServer.java
+++ b/src/main/java/org/asciidoc/intellij/editor/javafx/PreviewStaticServer.java
@@ -81,7 +81,7 @@ public static String createCSP(@NotNull Map attributes) {
 + "img-src file: data: localfile: *; connect-src 'none'; font-src *; "
 + "object-src data: file: localfile: *;" + // used for interactive SVGs
 "media-src 'none'; child-src 'none'; " +
- "frame-src 'self' https://player.vimeo.com/ https://www.youtube.com/"; // used for vimeo/youtube iframes
+ "frame-src 'self' https://player.vimeo.com/ https://www.youtube.com/ https://structurizr.com/"; // used for vimeo/youtube iframes
 } else {
 // this will restrict external content as much as possible
 result = "default-src 'none'; script-src 'unsafe-inline' 'unsafe-eval' " + Urls.parseEncoded("http://localhost:" + BuiltInServerManager.getInstance().getPort() + PREFIX + "/scripts/").toExternalForm() + "; "
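Review bot: The trailing comment on the changed `frame-src` line still reads `// used for vimeo/youtube iframes` although the directive now also admits `https://structurizr.com/`; change it to `// used for vimeo/youtube/structurizr iframes` so the allow-list documents itself when the policy is audited. The new source expression carries no path beyond `/`, so in this branch a previewed document can frame any page on that host, and opening a document from an untrusted source will fetch from it. If the embeds are served under a single path prefix, listing that prefix instead (for example `https://structurizr.com/<embed-path>/`, a placeholder to be confirmed against the embed URLs) would keep the entry no wider than needed. createCSP starts and ends outside the hunk, so the condition that selects this branch over the restrictive `else` branch cannot be checked from here.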