2020-08-06 20:03:46 +01:00
|
|
|
import { configContext } from "../ConfigContext";
|
2020-05-26 03:30:55 +01:00
|
|
|
|
|
|
|
|
export function isInvalidParentFrameOrigin(event: MessageEvent): boolean {
|
2020-08-06 20:03:46 +01:00
|
|
|
return !isValidOrigin(configContext.allowedParentFrameOrigins, event);
|
2020-05-26 03:30:55 +01:00
|
|
|
}
|
|
|
|
|
|
2020-09-17 22:13:22 +01:00
|
|
|
function isValidOrigin(allowedOrigins: string[], event: MessageEvent): boolean {
|
2020-05-26 03:30:55 +01:00
|
|
|
const eventOrigin = (event && event.origin) || "";
|
|
|
|
|
const windowOrigin = (window && window.origin) || "";
|
|
|
|
|
if (eventOrigin === windowOrigin) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
|
2020-09-17 22:13:22 +01:00
|
|
|
for (const origin of allowedOrigins) {
|
|
|
|
|
const result = new RegExp(origin).test(eventOrigin);
|
|
|
|
|
if (result) {
|
|
|
|
|
return true;
|
|
|
|
|
}
|
|
|
|
|
}
|
2020-09-30 00:09:11 +01:00
|
|
|
console.error(`Invalid parent frame origin detected: ${eventOrigin}`);
|
2020-09-17 22:13:22 +01:00
|
|
|
return false;
|
2020-05-26 03:30:55 +01:00
|
|
|
}
|
