Sha256: 0b9fd586f1065a704e79d0a69f8ce91b7ca7c73687801e7882ddbbe5c70891c0

Contents?: true

Size: 1.18 KB

Versions: 1

Compression:

Stored size: 1.18 KB

Contents

# frozen_string_literal: true

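module PagesCore
  module Pages
    # Controller concern that renders an unsaved preview of a page from
    # attributes submitted by the editor as a JSON document in
    # params[:preview_page].
    module PreviewController
      extend ActiveSupport::Concern
      include PagesCore::PageParameters

      included do
        before_action :disable_xss_protection, only: %i[preview]
      end

      # Whether the current request is rendering a preview.
      #
      # @return [Boolean] true once #preview has set the flag, false otherwise
      def preview?
        @preview || false
      end

      # Renders the page identified by params[:page_id] (or a new, blank page)
      # with the submitted attributes applied in memory only.
      #
      # The record is marked readonly before the attributes are assigned, so
      # request-supplied values cannot be persisted through this object.
      def preview
        # The guard must end the action. Without the `return`, an
        # unauthenticated request carried on into parsing the payload and
        # calling render_page after the 403 had been rendered.
        # NOTE(review): render_error is defined outside this file; this
        # assumes it renders a response and does not halt by itself.
        return render_error(403) unless logged_in?

        # NOTE(review): any logged-in user can preview any page id here; no
        # per-page authorization check is visible in this concern.
        @preview = true
        @page = Page.find_by(id: params[:page_id]) || Page.new
        @page.readonly!
        @page.assign_attributes(preview_page_params)

        render_page
      end

      private

      def disable_xss_protection
        # Disabling this is probably not a good idea,
        # but the header causes Chrome to choke when being
        # redirected back after a submit and the page contains an iframe.
        #
        # The header only controls the legacy reflected-XSS auditor in older
        # browsers. The preview still reflects request-supplied content, so
        # the protection that matters is output escaping in the templates
        # (and a Content-Security-Policy, if the application sets one).
        response.headers["X-XSS-Protection"] = "0"
      end

      # Builds the attribute set for the preview: the permitted keys from the
      # submitted JSON, with status, published_at, locale and redirect_to
      # forced to server-side values so the request cannot override them.
      def preview_page_params
        ActionController::Parameters.new(
          parsed_preview_payload
        ).permit(:id, page_content_attributes).merge(
          status: 2,
          published_at: Time.zone.now,
          locale: content_locale,
          redirect_to: nil
        )
      end

      # Parses params[:preview_page] and requires the result to be a JSON
      # object. Malformed or non-object input is reported as a client error
      # instead of surfacing as an unhandled parser exception.
      #
      # @raise [ActionController::BadRequest] when the payload is unusable
      def parsed_preview_payload
        payload = JSON.parse(params.require(:preview_page))
        unless payload.is_a?(Hash)
          raise ActionController::BadRequest, "preview_page must be a JSON object"
        end

        payload
      rescue JSON::ParserError, TypeError
        raise ActionController::BadRequest, "preview_page is not valid JSON"
      end
    end
  end
end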

Version data entries

1 entries across 1 versions & 1 rubygems

Version Path
pages_core-3.15.5 app/controllers/concerns/pages_core/pages/preview_controller.rb