feat: Allow control of pop-ups from iframes in Twilio Flex in config-…

…builder AB#32724
global-121 · Jan 15, 2025 · b4ed7e1 · b4ed7e1
1 parent c748edd
commit b4ed7e1
Show file tree

Hide file tree

Showing 3 changed files with 38 additions and 2 deletions.
diff --git a/interfaces/Portalicious/_build-deployment-configuration.mjs b/interfaces/Portalicious/_build-deployment-configuration.mjs
@@ -32,7 +32,6 @@ if (!swaConfig.globalHeaders) {
 // NOTE: All values in each array are written as template-strings, as the use of single-quotes around some values (i.e. 'self') is mandatory and will affect the working of the HTTP-Header.
 let contentSecurityPolicy = new Map([
   ['default-src', [`'self'`]],
-  ['disown-opener', []],
   ['connect-src', [`'self'`]],
   ['frame-ancestors', [`'self'`]],
   ['frame-src', [`blob:`, `'self'`]],
@@ -41,7 +40,6 @@ let contentSecurityPolicy = new Map([
   ['referrer', [`no-referrer`]],
   ['reflected-xss', [`block`]],
   ['style-src', [`'self'`, `'unsafe-inline'`]],
-  ['upgrade-insecure-requests', []],
 ]);
 
 // Set API-origin
@@ -94,6 +92,18 @@ if (process.env.USE_IN_TWILIO_FLEX_IFRAME === 'true') {
   ]);
 }
 
+if (
+  process.env.USE_SSO_AZURE_ENTRA === 'true' &&
+  process.env.USE_IN_TWILIO_FLEX_IFRAME === 'true'
+) {
+  console.info(
+    '✅ Allow control of pop-ups for SSO when the Portal is in an iframe on Twilio Flex',
+  );
+
+  swaConfig.globalHeaders['Cross-Origin-Opener-Policy'] =
+    'same-origin-allow-popups';
+}
+
 // Feature: PowerBI Dashboard(s)
 if (process.env.USE_POWERBI_DASHBOARDS === 'true') {
   console.info('✅ Allow loading Power BI-dashboards');

diff --git a/interfaces/Portalicious/_test-deployment-configuration.mjs b/interfaces/Portalicious/_test-deployment-configuration.mjs
@@ -55,6 +55,19 @@ test('Content-Security-Policy configuration for loading as iframe in Twilio Flex
   }
 });
 
+test('Configuration to control pop-ups for SSO when the Portal is in an iframe on Twilio Flex', () => {
+  const openerPolicy = swaConfig.globalHeaders['Cross-Origin-Opener-Policy'];
+
+  if (
+    process.env.USE_IN_TWILIO_FLEX_IFRAME === 'true' &&
+    process.env.USE_SSO_AZURE_ENTRA === 'true'
+  ) {
+    match(openerPolicy, /same-origin-allow-popups/);
+  } else {
+    match(openerPolicy, /same-origin/);
+  }
+});
+
 test('Content-Security-Policy configuration to load PowerBI dashboard(s) in iframe', () => {
   const frameSrcCondition = /frame-src[^;]* https:\/\/app\.powerbi\.com/;
 

diff --git a/interfaces/Portalicious/_verify-deployment-configuration.mjs b/interfaces/Portalicious/_verify-deployment-configuration.mjs
@@ -63,6 +63,19 @@ test('Content-Security-Policy set for loading as iframe in Twilio Flex', () => {
   }
 });
 
+test('Configuration set to control pop-ups for SSO when the Portal is in an iframe on Twilio Flex', () => {
+  const openerPolicy = response.headers.get('Cross-Origin-Opener-Policy');
+
+  if (
+    process.env.USE_IN_TWILIO_FLEX_IFRAME === 'true' &&
+    process.env.USE_SSO_AZURE_ENTRA === 'true'
+  ) {
+    match(openerPolicy, /same-origin-allow-popups/);
+  } else {
+    match(openerPolicy, /same-origin/);
+  }
+});
+
 test('Content-Security-Policy set to load PowerBI dashboard(s) in iframe', () => {
   const frameSrcCondition = /frame-src[^;]* https:\/\/app\.powerbi\.com/;