Archive/screentinker
1
0
Fork 0
mirror of https://github.com/screentinker/screentinker.git synced 2026-06-14 18:22:46 -06:00
Code Issues Actions 1 Packages Projects Releases Wiki Activity

fix(widgets): no-store on widget/kiosk render

Browse source 
The render had no Cache-Control. A copy cached before the X-Frame-Options fix keeps
showing blank, and widget data (clock/weather/rss/directory) is dynamic anyway, so
mark the render no-store. Pairs with the X-Frame-Options removal.
This commit is contained in:
ScreenTinker 2026-06-08 23:46:42 -05:00
parent 8dce93d4dc
commit 8e7d599170
2 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

1
server/routes/kiosk.js
View file

@ -183,6 +183,7 @@ router.get('/:id/render', (req, res) => {
// Embedded by the player in a sandboxed (null-origin) iframe; the global
// X-Frame-Options: SAMEORIGIN would refuse that and leave it blank.
res.removeHeader('X-Frame-Options');
res.setHeader('Cache-Control', 'no-store');
res.setHeader('Content-Type', 'text/html');
res.send(html);
});

3
server/routes/widgets.js
View file

@ -189,6 +189,9 @@ router.get('/:id/render', (req, res) => {
// widgets render blank in the web player. Drop it here; the sandbox - not
// X-Frame-Options - is what isolates the widget (it can't read the dashboard JWT).
res.removeHeader('X-Frame-Options');
// Never cache the render: widget data (clock/weather/rss/directory) changes, and
// a cached copy from before the X-Frame-Options change would keep showing blank.
res.setHeader('Cache-Control', 'no-store');
res.setHeader('Content-Type', 'text/html');
res.send(renderWidgetHtml(widget.widget_type, config));
});