Kiosk mode [unsafe].

"Kiosk mode" is a "read-only" Zulip suitable for embedding into
an iframe on another site. I say "read-only" in quotation marks,
because the account is still a fully-fledged active account on
the server, and we just tear out a bunch of stuff in Javascript
(that a malicious user could easily re-enable).

So in that sense, it's not actually safe in security-sensitive
environments -- malicious users logged in via kiosk mode
can do anything the kiosk-mode user can do.

(We need this functionality for the customer3 realm specifically;
 we'll possibly just tear this code back out once that experiment
 has run its course.)

(imported from commit deb035b4c702fcdb0e660ed549fe74c682abb6d9)
Waseem Daher
2013-08-11 14:14:59 -04:00
parent dbcbeb17d4
commit 0dcaf9ca3d
5 changed files with 66 additions and 1 deletions

@@ -7,6 +7,8 @@ exports.mark_read_at_bottom = page_params.staging;
exports.summarize_read_while_narrowed = page_params.staging;
exports.twenty_four_hour_time = _.contains([],
page_params.email);
exports.kiosk_mode = _.contains(['role-user@customer3.invalid'],
page_params.email);
return exports;
}());
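Review bot: The `exports.kiosk_mode` line decides the mode in the browser by matching `page_params.email` against a hard-coded address, so the flag only changes what the client renders and the account keeps every permission the server grants it. A comment on this line stating that `kiosk_mode` is a presentation toggle and not an access control would keep later callers from relying on it, and any real read-only guarantee for this account has to be enforced on the server. The customer address is also embedded in client code that every user downloads; a server-computed boolean in `page_params`, in the way `page_params.staging` is used in the lines above, would avoid exposing it and remove the per-customer literal from this file.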