Meteor browser-policy, IR Server side routes, and cookies

aadams · June 24, 2015, 7:32pm

My application, at test.my-application.com for example, uses a Iron Router server side route to process data and generate a pdf. Since it’s just a server side route, there’s no integration with the Meteor accounts package. Therefore I’m using the mrt:cookies package to handle tokens and to search the Meteor.users collection.

This works fine.

But once I install the Meteor browser-policy package, and added the following code:

// server/policy.js

 BrowserPolicy.framing.disallow();
 BrowserPolicy.content.disallowInlineScripts();
 BrowserPolicy.content.disallowEval();
 BrowserPolicy.content.allowInlineStyles();
 BrowserPolicy.content.allowFontDataUrl();

 var trusted = [
   '*.google-analytics.com'
 ];

 _.each(trusted, function(origin) {
   origin = "https://" + origin;
   BrowserPolicy.content.allowOriginForAll(origin);
});

When I ran the server side route, I get what looks like a bunch of garbage returned, instead of a proper pdf like before.

What am I doing wrong?

aadams · June 25, 2015, 1:53am

Created a SO question on this here: http://stackoverflow.com/questions/31039939/meteor-browser-policy-ir-server-side-routes-and-cookies

aadams · June 26, 2015, 12:24am

My server side route looks similar to this:

Router.route('/server-side-route', function(req, res) {
  var cookies = new Cookies(req),
  userId = cookies.get("meteor_user_id") || "",
  token = cookies.get("meteor_token") || "";

  //Check a valid user with this token exists
  var user = Meteor.users.findOne({
    _id: userId,
    'services.resume.loginTokens.hashedToken' : Accounts._hashLoginToken(token)
  });

  ...

}, {name: 'get_stuff_done', where: 'server'});