You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("http://example2.com/themes/") // ❌ no meta tag present, blocked
56
-
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("https://example.com/themes/") // ❌ no meta tag present, blocked
57
-
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("http://example:9090.com/themes/") // ❌ no meta tag present, blocked
58
-
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("http://example.com/themes/") // ❌ no meta tag present, blocked
59
-
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("//example2.com/themes/") // ❌ inherits current page protocol (e.g. http://example2.com/) — no meta tag present, blocked
60
-
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("//example:9090.com/themes/") // ❌ inherits current page protocol (e.g. http://example:9090.com/) — no meta tag present, blocked
61
-
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("//example.com/themes/") // ❌ inherits current page protocol (e.g. http://example.com/) — no meta tag present, blocked
62
-
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("/themes") // ✅ resolves to current page's origin — same-origin, no meta tag present, blocked
63
-
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("./themes") // ✅ resolves relative to current page's URL — same-origin, no meta tag present, blocked
64
-
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("../themes") // ✅ resolves relative to current page's URL — same-origin, no meta tag present, blocked
resultEl.textContent=`✅ Link created: ${link.href}`;
93
+
resultEl.className="result allowed";
94
+
}else{
95
+
resultEl.textContent="❌ Blocked — no link element created";
96
+
resultEl.className="result blocked";
76
97
}
98
+
};
77
99
78
-
},1000)
100
+
// ❌ await bundle.configuration.setThemeRoot("http://example2.com/themes/") // no meta tag present, blocked
101
+
// ❌ await bundle.configuration.setThemeRoot("https://example.com/themes/") // no meta tag present, blocked
102
+
// ❌ await bundle.configuration.setThemeRoot("http://example:9090.com/themes/") // no meta tag present, blocked
103
+
// ❌ await bundle.configuration.setThemeRoot("http://example.com/themes/") // no meta tag present, blocked
104
+
// ❌ await bundle.configuration.setThemeRoot("//example2.com/themes/") // inherits current page protocol (e.g. http://example2.com/) — no meta tag present, blocked
105
+
// ❌ await bundle.configuration.setThemeRoot("//example:9090.com/themes/") // inherits current page protocol (e.g. http://example:9090.com/) — no meta tag present, blocked
106
+
// ❌ await bundle.configuration.setThemeRoot("//example.com/themes/") // inherits current page protocol (e.g. http://example.com/) — no meta tag present, blocked
107
+
// ✅ await bundle.configuration.setThemeRoot("/themes/") // resolves to current page's origin — same-origin, no meta tag present, blocked
108
+
// ✅ await bundle.configuration.setThemeRoot("./themes/") // resolves relative to current page's URL — same-origin, no meta tag present, blocked
109
+
// ✅ await bundle.configuration.setThemeRoot("../themes/") // resolves relative to current page's URL — same-origin, no meta tag present, blocked
<p>Following page is using the meta tag <code>sap-allowed-theme-origins</code> to specify allowed theme origins with <code>http://example.com</code> as the allowed origin.</p>
<br/> //example.com/ — inherits current page protocol (e.g. http://example.com/) vs http://example.com/ — matches allowed origin. <br/> Expected link element
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("http://example2.com/themes/") // ❌ different origin, blocked
58
-
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("https://example.com/themes/") // ❌ different protocol, blocked
59
-
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("http://example:9090.com/themes/") // ❌ different port, blocked
60
-
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("http://example.com/themes/") // ✅ matches allowed origin — expected link element
61
-
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("//example2.com/themes/") // ❌ inherits current page protocol (e.g. http://example2.com/) — different origin, blocked
62
-
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("//example:9090.com/themes/") // ❌ inherits current page protocol (e.g. http://example:9090.com/) — different port, blocked
63
-
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("//example.com/themes/") // ✅ inherits current page protocol (e.g. http://example.com/) — matches allowed origin — expected link element
64
-
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("/themes") // ✅ resolves to current page's origin — same-origin — expected link element
65
-
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("./themes") // ✅ resolves relative to current page's URL — same-origin — expected link element
66
-
// await window["sap-ui-webcomponents-bundle"].configuration.setThemeRoot("../themes") // ✅ resolves relative to current page's URL — same-origin — expected link element
0 commit comments