From 0999bb46fc8de4ae12aba9fb1ceadc02e6573e6c Mon Sep 17 00:00:00 2001
From: =?UTF-8?q?Laura=20Kl=C3=BCnder?= <laura@codingcatgirl.de>
Date: Tue, 27 Aug 2024 23:59:52 +0200
Subject: [PATCH] fix cross-origin stuff for embed

---
 src/c3nav/site/views.py | 12 ++++++++++++
 1 file changed, 12 insertions(+)

diff --git a/src/c3nav/site/views.py b/src/c3nav/site/views.py
index 1d32c7ce..6f539438 100644
--- a/src/c3nav/site/views.py
+++ b/src/c3nav/site/views.py
@@ -1,6 +1,7 @@
 import json
 from itertools import chain
 from typing import Optional
+from urllib.parse import urlparse
 
 import qrcode
 from django.conf import settings
@@ -226,8 +227,19 @@ def map_index(request, mode=None, slug=None, slug2=None, details=None, options=N
 
     response = render(request, 'site/map.html', ctx)
     set_tile_access_cookie(request, response)
+
     if embed:
         xframe_options_exempt(lambda: response)()
+        cross_origin = request.META.get('HTTP_ORIGIN')
+        if cross_origin is not None:
+            try:
+                if request.META['HTTP_HOST'] == urlparse(cross_origin).hostname:
+                    cross_origin = None
+            except ValueError:
+                pass
+        if cross_origin is not None:
+            response['Access-Control-Allow-Origin'] = cross_origin
+
     return response