version 1.1, 2019/05/02 02:12:19
|
version 1.3, 2019/05/02 23:09:38
|
Line 41 Called in course context by course perso
|
Line 41 Called in course context by course perso
|
privilege or with view-only access to course editing tools. |
privilege or with view-only access to course editing tools. |
|
|
Query string contains one item: name=exturl, value=URL of external resource |
Query string contains one item: name=exturl, value=URL of external resource |
(format: http://hostname/path or https://hostname/path). |
(format: http://hostname/path or https://hostname/path). |
|
|
The resource URL is sent to &loncommon::is_nonframeable() to check whether |
The resource URL is sent to &loncommon::is_nonframeable() to check whether |
it can be displayed in an iframe in a page served by the current host. |
it can be displayed in an iframe in a page served by the current host. |
|
|
=head1 OVERVIEW |
=head1 OVERVIEW |
|
|
Line 53 Input: external resource URL (from query
|
Line 53 Input: external resource URL (from query
|
Hostname, lonHostID, and IP address for this node are retrieved from Apache. |
Hostname, lonHostID, and IP address for this node are retrieved from Apache. |
|
|
Dependencies: calls &loncommon::is_nonframeable() to check if server where |
Dependencies: calls &loncommon::is_nonframeable() to check if server where |
external resource is hosted is configured with a Content-Security-Policy or |
external resource is hosted is configured with a Content-Security-Policy or |
with X-Frame-options settings which prohibit display of the resource within |
with X-Frame-options settings which prohibit display of the resource within |
an iframe in a LON-CAPA page served from this node. |
an iframe in a LON-CAPA page served from this node. |
|
|
Output to print buffer: (content-type: text/plain): 1, 0, -1 or empty string. |
Output to print buffer: (content-type: text/plain): 1, 0, -1 or empty string. |
'' -- display in iframe is allowed |
'' -- display in iframe is allowed |
1 -- display in iframe not allowed |
1 -- display in iframe not allowed |
0 -- invalid URL |
0 -- invalid URL |
-1 -- could not verify course editing privilege or view-only access to |
-1 -- could not verify course editing privilege or view-only access to |
course editing tools |
course editing tools |
|
|
HTTP Return codes: |
HTTP Return codes: |
406 -- if user is not in a course |
406 -- if user is not in a course |
200 -- otherwise |
200 -- otherwise |
|
|
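Review bot: The POD in this region is unchanged although the handler's behaviour changes in this revision. The `0 -- invalid URL` entry now also covers any URL whose host is not a dotted name ending in an alphabetic label of two or more characters, and leading or trailing whitespace is stripped before the check. Both are worth stating next to the `exturl` format description. The Dependencies paragraph should also mention the fifth argument now passed to `&loncommon::is_nonframeable()` and what it selects.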
Line 98 sub handler {
|
Line 98 sub handler {
|
((&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) || |
((&Apache::lonnet::allowed('mdc',$env{'request.course.id'})) || |
(&Apache::lonnet::allowed('cev',$env{'request.course.id'})))) { |
(&Apache::lonnet::allowed('cev',$env{'request.course.id'})))) { |
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['exturl']); |
&Apache::loncommon::get_unprocessed_cgi($ENV{'QUERY_STRING'},['exturl']); |
if ($env{'form.exturl'} =~ m{^https?\://[^/]+}) { |
$env{'form.exturl'} =~ s/^\s+|\s+$//g; |
|
if ($env{'form.exturl'} =~ m{^https?\://([a-z0-9]+(-[a-z0-9]+)*\.)+[a-z]{2,}}i) { |
my $hostname = $r->hostname(); |
my $hostname = $r->hostname(); |
my $lonhost = $r->dir_config('lonHostID'); |
my $lonhost = $r->dir_config('lonHostID'); |
my $ip = &Apache::lonnet::get_host_ip($lonhost); |
my $ip = &Apache::lonnet::get_host_ip($lonhost); |
$r->print(&Apache::loncommon::is_nonframeable($env{'form.exturl'},'',$hostname,$ip)); |
$r->print(&Apache::loncommon::is_nonframeable($env{'form.exturl'},'',$hostname,$ip,1)); |
} else { |
} else { |
$r->print(0); |
$r->print(0); |
} |
} |
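Review bot: The new host pattern in the `if` on `$env{'form.exturl'}` has no terminator after the `[a-z]{2,}` label, so only a prefix of the authority is validated. Anything may follow the matched name, including an `@`, in which case the text that passed the check is userinfo and not the host in the URL handed to `&Apache::loncommon::is_nonframeable()`. Consider requiring an optional port and then a delimiter or end of string directly after the label, for example by ending the pattern with `(?::\d+)?(?:[/?#]|$)`. Separately, the trailing `1` added to the `is_nonframeable()` call is a bare positional flag. A short comment saying what it enables would make the call readable without opening loncommon.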