From 6e29846aeda3bb933935400bb7334a3a71445211 Mon Sep 17 00:00:00 2001
From: Miklos Vajna <vmiklos@collabora.com>
Date: Fri, 16 Feb 2024 16:34:50 +0100
Subject: [PATCH] fix: emit allow attribute on iframe for the clipboard (fixes
 #3474)

As described at
<https://sites.google.com/a/chromium.org/dev/Home/chromium-security/deprecating-permissions-in-cross-origin-iframes>
newer Chrome requires explicit markup for code in an iframe to execute
JS that requires permissions, like clipboard.

If this markup is missing, then the user won't be even asked.  Use the
wildcard syntax, because the COOL JS code in the iframe is not the
initial src attribute value of the iframe, it gets changed later.

With this, a permission popup on paste shows up in Chrome even if the
paste is perssed on the notebookbar, even if nextcloud is served from
one domain and COOL is served from an other domain.

This fixes the document edit case; possibly it should be also added at
all other places where the allowfullscreen attribute is used, which is
not done in this commit.

Signed-off-by: Miklos Vajna <vmiklos@collabora.com>
---
 src/view/Office.vue | 1 +
 1 file changed, 1 insertion(+)

diff --git a/src/view/Office.vue b/src/view/Office.vue
index 176cc36b05..d618d464a7 100644
--- a/src/view/Office.vue
+++ b/src/view/Office.vue
@@ -78,6 +78,7 @@
 			data-cy="coolframe"
 			scrolling="no"
 			allowfullscreen
+			allow="clipboard-read *; clipboard-write *"
 			class="office-viewer__iframe"
 			:style="{visibility: showIframe ? 'visible' : 'hidden' }"
 			:src="iframeSrc" />