From d6c8a38161845062ab2e08e7479c67409f610424 Mon Sep 17 00:00:00 2001 From: franciscoemanuel-clk Date: Tue, 19 May 2026 19:38:46 -0300 Subject: [PATCH] feat: adiciona regra customizada de allowed para o embedded do Verify --- packages/v3/src/core/base-embed.js | 8 ++++++-- packages/v3/src/signature/embedded.spec.js | 6 ++++++ packages/v3/src/verify/embedded.js | 4 ++++ packages/v3/src/verify/embedded.spec.js | 2 +- 4 files changed, 17 insertions(+), 3 deletions(-) diff --git a/packages/v3/src/core/base-embed.js b/packages/v3/src/core/base-embed.js index 312b482..48b88fb 100644 --- a/packages/v3/src/core/base-embed.js +++ b/packages/v3/src/core/base-embed.js @@ -1,5 +1,5 @@ export default class BaseEmbed { - #allowed = 'camera;geolocation;fullscreen;gyroscope;accelerometer;magnetometer'; + #defaultAllowed = 'camera;geolocation;fullscreen;gyroscope;accelerometer;magnetometer'; #defaultStyles = 'width: 100%; height: 100%;'; @@ -28,7 +28,7 @@ export default class BaseEmbed { this.iframe = document.createElement('iframe'); this.iframe.setAttribute('src', this.source); this.iframe.setAttribute('style', this.#defaultStyles); - this.iframe.setAttribute('allow', this.#allowed); + this.iframe.setAttribute('allow', this.allowed); window.addEventListener('message', this.boundEventHandler); @@ -57,4 +57,8 @@ export default class BaseEmbed { get source() { return `${this.endpoint}${this.path}${this.params}`; } + + get allowed() { + return this.#defaultAllowed; + } } diff --git a/packages/v3/src/signature/embedded.spec.js b/packages/v3/src/signature/embedded.spec.js index 94a0911..2d766b7 100644 --- a/packages/v3/src/signature/embedded.spec.js +++ b/packages/v3/src/signature/embedded.spec.js @@ -41,6 +41,12 @@ describe('Clicksign Embedded', () => { expect(iframeElement).toHaveProperty('src', signatureUrl); }); + it('should keep default iframe allow permissions', () => { + const iframeElement = document.getElementById(containerElementId).children[0]; + + expect(iframeElement.getAttribute('allow')).toBe('camera;geolocation;fullscreen;gyroscope;accelerometer;magnetometer'); + }); + it('should unmount widget on the specified element', () => { const containerElement = document.getElementById(containerElementId); diff --git a/packages/v3/src/verify/embedded.js b/packages/v3/src/verify/embedded.js index 5105e50..8a290a0 100644 --- a/packages/v3/src/verify/embedded.js +++ b/packages/v3/src/verify/embedded.js @@ -7,6 +7,10 @@ export default class Verify extends BaseEmbed { this.custom = options.custom || null; } + get allowed() { + return 'camera;geolocation;fullscreen;gyroscope;accelerometer;magnetometer;encrypted-media'; + } + start(id) { return this.mount(id); } diff --git a/packages/v3/src/verify/embedded.spec.js b/packages/v3/src/verify/embedded.spec.js index 8cbc3d9..90f9e9b 100644 --- a/packages/v3/src/verify/embedded.spec.js +++ b/packages/v3/src/verify/embedded.spec.js @@ -78,7 +78,7 @@ describe('Verify', () => { const iframeElement = document.getElementById(containerElementId).children[0]; - expect(iframeElement.getAttribute('allow')).toBe('camera;geolocation;fullscreen;gyroscope;accelerometer;magnetometer'); + expect(iframeElement.getAttribute('allow')).toBe('camera;geolocation;fullscreen;gyroscope;accelerometer;magnetometer;encrypted-media'); }); it('should set style iframe attribute with width and height 100%', () => {