Allow downloads from widgets (#7502)

Notes: Allow downloads from widgets. We are working on a widget that allows the user to download a file (a ICS calendar entry). Right now the sandbox of the widget iframe doesn't allow downloading. Instead, the following error is displayed in the console (for Google Chrome): ``` Download is disallowed. The frame initiating or instantiating the download is sandboxed, but the flag ‘allow-downloads’ is not set. See https://www.chromestatus.com/feature/5706745674465280 for more details. ``` Therefore this PR adds `allow-downloads` to the sandbox capabilities. Steps to reproduce: 1. Create a simple widget with an `index.html` file like, e.g. ``` <a href="index.html" download>Download</a> ``` 2. Host the widget somewhere, add it to the room and open the widget 3. Click on the download button * Without the fix: Nothing happens, there is a warning in the console (see above) * With the fix: The file is downloaded Signed-off-by: Oliver Sand <oliver.sand@nordeck.net>
matrix-org · Jan 20, 2022 · 2e6f616 · 2e6f616
1 parent 98e1c31
commit 2e6f616
Showing 1 changed file with 1 addition and 1 deletion.
diff --git a/src/components/views/elements/AppTile.tsx b/src/components/views/elements/AppTile.tsx
@@ -454,7 +454,7 @@ export default class AppTile extends React.Component<IProps, IState> {
         // hosted on the same origin as the client will get the same access as if you clicked
         // a link to it.
         const sandboxFlags = "allow-forms allow-popups allow-popups-to-escape-sandbox " +
-            "allow-same-origin allow-scripts allow-presentation";
+            "allow-same-origin allow-scripts allow-presentation allow-downloads";
 
         // Additional iframe feature pemissions
         // (see - https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-permissions-in-cross-origin-iframes and https://wicg.github.io/feature-policy/)