⚠️ Active Development Notice: TimeTiles is under active development. Information may be placeholder content or not up-to-date.

lib/utils/embed

Utilities for embed functionality.

Functions

isEmbedOriginAllowed()

isEmbedOriginAllowed(site, referer): boolean

Checks whether a request’s Referer origin is allowed by the site’s embedding config.

Returns true if:

  • No restrictions are configured (empty or missing allowedOrigins)
  • The referer’s origin matches one of the allowed origins

When allowedOrigins is configured, a missing Referer header is treated as denied. This prevents bypass via Referrer-Policy: no-referrer on the embedding page. The middleware still sets frame-ancestors * because it runs in Edge Runtime without DB access — the origin check here is the actual enforcement layer and refuses to render content for disallowed origins.

Parameters

site

Site | null

referer

string | null

Returns

boolean
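
A sketch of the rule described above, as an added example that is not TimeTiles' own code. The `SiteLike` shape, the `embedding.allowedOrigins` field path, the helper names, exact origin comparison, and failing closed on an unparsable Referer are all assumptions.

```typescript
// Added illustration. SiteLike is an assumed shape, not the project's Site type.
interface SiteLike {
  embedding?: { allowedOrigins?: string[] | null } | null;
}

// Reduce a URL or origin string to scheme://host[:port]; null if it cannot be parsed.
function toOrigin(value: string): string | null {
  try {
    const origin = new URL(value).origin;
    // Opaque origins (data:, file:, ...) serialise as the string "null".
    return origin === "null" ? null : origin;
  } catch {
    return null;
  }
}

function isEmbedOriginAllowedSketch(site: SiteLike | null, referer: string | null): boolean {
  const allowed = site?.embedding?.allowedOrigins ?? [];
  // Empty or missing allowedOrigins: no restrictions configured.
  if (allowed.length === 0) return true;
  // Restrictions exist: a missing Referer is denied, so an embedding page
  // cannot bypass the check with Referrer-Policy: no-referrer.
  if (!referer) return false;
  const refOrigin = toOrigin(referer);
  if (refOrigin === null) return false; // assumption: malformed Referer fails closed
  // Compare parsed origins, never string prefixes: a prefix test would accept
  // https://partner.example.evil.test for an allowed https://partner.example.
  return allowed.some((entry) => toOrigin(entry) === refOrigin);
}

// Constructed sample inputs, not taken from a real deployment.
const restricted: SiteLike = { embedding: { allowedOrigins: ["https://partner.example"] } };
const samples: Array<[SiteLike | null, string | null]> = [
  [null, null],                                        // no config
  [restricted, null],                                  // Referer stripped
  [restricted, "https://partner.example/dash?x=1"],    // allowed origin, any path
  [restricted, "https://partner.example.evil.test/"],  // look-alike host
  [restricted, "http://partner.example/"],             // scheme differs
];
for (const [site, referer] of samples) {
  console.log(JSON.stringify(referer), "->", isEmbedOriginAllowedSketch(site, referer));
}
```
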
