config parameter disabling forcing sso iframe

lib/AppInfo/Application.php

@@ -48,6 +48,7 @@ class Application extends App implements IBootstrap {
 		'show_labs_settings' => 'true',
 		'set_custom_permalink' => 'false',
 		'sso_immediate_redirect' => 'false',
+		'sso_force_iframe' => 'false',
 	];
 
 	public function __construct(array $urlParams = []) {

lib/Controller/AppController.php

@@ -59,6 +59,8 @@ public function index() {
 
 		$this->initialStateService->provideInitialState(Application::APP_ID, 'disable_custom_urls',
 			$this->config->getAppValue(Application::APP_ID, 'disable_custom_urls', Application::AvailableSettings['disable_custom_urls']));
+		$this->initialStateService->provideInitialState(Application::APP_ID, 'sso_force_iframe',
+			$this->config->getAppValue(Application::APP_ID, 'sso_force_iframe', Application::AvailableSettings['sso_force_iframe']));
 
 		$default_server_domain = $this->config->getAppValue(Application::APP_ID, 'base_url', Application::AvailableSettings['base_url']);
 		$csp = new ContentSecurityPolicy();

src/components/AdminSettings.vue

@@ -78,6 +78,18 @@
                     for="sso_immediate_redirect"
                 >{{ t('riotchat', 'Redirect immediately to SSO (requires SSO to be configured on the Matrix Homeserver)') }}</label>
                 <br>
+                <input
+                    id="sso_force_iframe"
+                    v-model="sso_force_iframe"
+                    type="checkbox"
+                    class="checkbox"
+                    @change="updateSetting('sso_force_iframe')"
+                >
+                <label
+                    ref="sso_force_iframe"
+                    for="sso_force_iframe"
+                >{{ t('riotchat', 'Disable redirect to non-iframed version for SSO (make sure to set the headers to allow the SSO or CAS to be iframed)') }}</label>
+                <br>
                 <input
                     id="disable_login_language_selector"
                     v-model="disable_login_language_selector"
@@ -232,6 +244,7 @@ export default {
             "custom_json_loading": false,
             "set_custom_permalink": loadState('riotchat', 'set_custom_permalink') === 'true',
             "sso_immediate_redirect": loadState('riotchat', 'sso_immediate_redirect') === 'true',
+            "sso_force_iframe": loadState('riotchat', 'sso_force_iframe') === 'true',
         };
     },
     computed: {

src/main.js

@@ -56,16 +56,19 @@ function onIframeLoad () {
         }
     };
 
-    // Watch for the localStorage change that indicates that an SSO sign in is being attempted
-    // eslint-disable-next-line no-proto
-    iframe.contentWindow.localStorage.__proto__.setItem = function (...params) {
-        // It looks like an SSO or CAS login is being attempted
-        if (params[0] === "mx_sso_hs_url" && iframe.contentWindow.location.hash === "#/login") {
-            // Kick them to the non-iframed version. A bit jarring but SSO login most likely won't work in the iframe.
-            window.location.href = generateUrl('/apps/riotchat/riot/#/login');
-        }
-        window.localStorage.setItem.apply(this, params);
-    };
+    // Setting sso_force_iframe (in config) to true forces iframe even if using SSO or CAS login
+    if (loadState('riotchat', 'sso_force_iframe') !== 'true') {
+        // Watch for the localStorage change that indicates that an SSO sign in is being attempted
+        // eslint-disable-next-line no-proto
+        iframe.contentWindow.localStorage.__proto__.setItem = function (...params) {
+            // It looks like an SSO or CAS login is being attempted
+            if (params[0] === "mx_sso_hs_url" && iframe.contentWindow.location.hash === "#/login") {
+                // Kick them to the non-iframed version. A bit jarring but SSO login most likely won't work in the iframe.
+                window.location.href = generateUrl('/apps/riotchat/riot/#/login');
+            }
+            window.localStorage.setItem.apply(this, params);
+        };
+    }
 }
 
 function iframeHashChanged () {