Fix preview warning page when inside iframe (#2373)

brunogrbavac · web-flow · commit 809449d8c8d6 · 2025-09-05T11:42:29.000+02:00
Signed-off-by: Bruno Grbavac &lt;bruno.grbavac@outlook.com&gt;
diff --git a/apps/proxy/pkg/proxy/proxy.go b/apps/proxy/pkg/proxy/proxy.go
@@ -123,7 +123,7 @@ func StartProxy(config *config.Config) error {
 
 	router.Any("/*path", func(ctx *gin.Context) {
 		if ctx.Request.Method == "POST" && ctx.Request.URL.Path == ACCEPT_PREVIEW_PAGE_WARNING_PATH {
-			handleAcceptProxyWarning(ctx, config.EnableTLS)
+			handleAcceptProxyWarning(ctx, config.ProxyProtocol == "https")
 			return
 		}
 
diff --git a/apps/proxy/pkg/proxy/warning_page.go b/apps/proxy/pkg/proxy/warning_page.go
@@ -22,6 +22,15 @@ const (
 )
 
 func handleAcceptProxyWarning(ctx *gin.Context, secure bool) {
+	// Set SameSite attribute based on security context
+	if secure {
+		// For HTTPS, use SameSite=None to allow cross-origin iframe usage
+		ctx.SetSameSite(http.SameSiteNoneMode)
+	} else {
+		// For HTTP (local dev), use SameSite=Lax
+		ctx.SetSameSite(http.SameSiteLaxMode)
+	}
+
 	// Set the acceptance cookie
 	ctx.SetCookie(
 		PREVIEW_PAGE_ACCEPT_COOKIE_NAME,

Original file line number	Diff line number	Diff line change
`@@ -123,7 +123,7 @@ func StartProxy(config *config.Config) error {`
`123`	`123`
`124`	`124`	`router.Any("/path", func(ctx gin.Context) {`
`125`	`125`	`if ctx.Request.Method == "POST" && ctx.Request.URL.Path == ACCEPT_PREVIEW_PAGE_WARNING_PATH {`
`126`		`- handleAcceptProxyWarning(ctx, config.EnableTLS)`
	`126`	`+ handleAcceptProxyWarning(ctx, config.ProxyProtocol == "https")`
`127`	`127`	`return`
`128`	`128`	`}`
`129`	`129`