From 1478f08e4fe102b79978fa51b7846c85ff3f7c74 Mon Sep 17 00:00:00 2001
From: Robin Ward
Date: Thu, 2 Jan 2014 11:32:50 -0500
Subject: [PATCH] In development mode, relax restrictions on embedding.
---
 app/controllers/embed_controller.rb | 7 +++++--
 app/views/embed/best.html.erb | 2 +-
 2 files changed, 6 insertions(+), 3 deletions(-)
diff --git a/app/controllers/embed_controller.rb b/app/controllers/embed_controller.rb
index 1f9905ae4..f7a56ede0 100644
--- a/app/controllers/embed_controller.rb
+++ b/app/controllers/embed_controller.rb
@@ -22,8 +22,11 @@ class EmbedController < ApplicationController
 private
 def ensure_embeddable
- raise Discourse::InvalidAccess.new('embeddable host not set') if SiteSetting.embeddable_host.blank?
- raise Discourse::InvalidAccess.new('invalid referer host') if URI(request.referer || '').host != SiteSetting.embeddable_host
+
+ if !(Rails.env.development? && current_user.try(:admin?))
+ raise Discourse::InvalidAccess.new('embeddable host not set') if SiteSetting.embeddable_host.blank?
+ raise Discourse::InvalidAccess.new('invalid referer host') if uri.host != SiteSetting.embeddable_host
+ end
 response.headers['X-Frame-Options'] = "ALLOWALL"
 rescue URI::InvalidURIError
diff --git a/app/views/embed/best.html.erb b/app/views/embed/best.html.erb
index d8298d0b1..6b8f38de3 100644
--- a/app/views/embed/best.html.erb
+++ b/app/views/embed/best.html.erb
@@ -23,7 +23,7 @@ <% end %>
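Review bot: The new referer check in `ensure_embeddable` calls `uri.host`, but no `uri` local or helper is defined anywhere in this hunk, whereas the removed line parsed the header inline with `URI(request.referer || '')`. Unless `uri` is defined elsewhere in the controller (the class body continues outside the hunk), every request that does not take the bypass fails with NameError instead of `Discourse::InvalidAccess`, and the `rescue URI::InvalidURIError` clause below no longer has a parse to guard. Keeping the parse inline avoids both: `raise Discourse::InvalidAccess.new('invalid referer host') if URI(request.referer || '').host != SiteSetting.embeddable_host`. Separately, the bypass skips both checks, so a development-mode admin session is sent `X-Frame-Options: ALLOWALL` whatever origin frames it; a comment such as `# dev-only: admin pages become frameable from any origin, never run a reachable host in development mode` above the `if` would make that trade-off explicit.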