From be1a6e5938a870f7e96c12d02cb036718c1cc5ca Mon Sep 17 00:00:00 2001
From: Jeremy Kahn <jeremyckahn@gmail.com>
Date: Mon, 16 Oct 2023 09:54:37 -0500
Subject: [PATCH] feat(sdk): set allowed features

---
 sdk/sdk.ts                           | 4 ++++
 src/config/iframeFeatureAllowList.ts | 6 ++++++
 src/pages/Home/EmbedCodeDialog.tsx   | 9 ++-------
 3 files changed, 12 insertions(+), 7 deletions(-)
 create mode 100644 src/config/iframeFeatureAllowList.ts

diff --git a/sdk/sdk.ts b/sdk/sdk.ts
index 6461ea429..c88819682 100644
--- a/sdk/sdk.ts
+++ b/sdk/sdk.ts
@@ -1,3 +1,5 @@
+import { iframeFeatureAllowList } from '../src/config/iframeFeatureAllowList'
+
 export const defaultRootDomain = 'https://chitchatter.im/'
 
 // NOTE: This is a subset of standard iframe attributes:
@@ -38,6 +40,8 @@ class ChatEmbed extends HTMLElement {
       }
     }
 
+    iframe.setAttribute('allow', iframeFeatureAllowList.join(';'))
+
     shadow.appendChild(iframe)
   }
 }
diff --git a/src/config/iframeFeatureAllowList.ts b/src/config/iframeFeatureAllowList.ts
new file mode 100644
index 000000000..0b3be8448
--- /dev/null
+++ b/src/config/iframeFeatureAllowList.ts
@@ -0,0 +1,6 @@
+export const iframeFeatureAllowList = [
+  'camera',
+  'microphone',
+  'display-capture',
+  'fullscreen',
+]
diff --git a/src/pages/Home/EmbedCodeDialog.tsx b/src/pages/Home/EmbedCodeDialog.tsx
index 849364b08..132baebae 100644
--- a/src/pages/Home/EmbedCodeDialog.tsx
+++ b/src/pages/Home/EmbedCodeDialog.tsx
@@ -8,19 +8,14 @@ import DialogContentText from '@mui/material/DialogContentText'
 import DialogTitle from '@mui/material/DialogTitle'
 import { CopyableBlock } from 'components/CopyableBlock/CopyableBlock'
 
+import { iframeFeatureAllowList } from 'config/iframeFeatureAllowList'
+
 interface EmbedCodeDialogProps {
   showEmbedCode: boolean
   handleEmbedCodeWindowClose: () => void
   embedUrl: URL
 }
 
-const iframeFeatureAllowList = [
-  'camera',
-  'microphone',
-  'display-capture',
-  'fullscreen',
-]
-
 export const EmbedCodeDialog = ({
   showEmbedCode,
   handleEmbedCodeWindowClose,