feat(venmo): allow trusted domains (#439)

* feat(venmo): allow trusted domains * chore(rebase): update commit messages * chore(rebase): update commit message * chore(domain): remove domain config from tests as not required when url is same domain * chore(test): negative test case for trustedDomains --------- Co-authored-by: Steve Mask <smask@paypal.com>
krakenjs · Jun 12, 2023 · 5f3bf00 · 5f3bf00
1 parent 2ef6fdb
commit 5f3bf00
Show file tree

Hide file tree

Showing 5 changed files with 124 additions and 62 deletions.
diff --git a/src/child/props.js b/src/child/props.js
@@ -82,11 +82,18 @@ export function normalizeChildProps<P, X>(
   for (const key of Object.keys(props)) {
     const prop = propsDef[key];
 
-    if (
-      prop &&
-      prop.sameDomain &&
-      (origin !== getDomain(window) || !isSameDomain(parentComponentWindow))
-    ) {
+    const trustedChild: boolean =
+      prop && prop.trustedDomains && prop.trustedDomains.length > 0
+        ? prop.trustedDomains.includes(getDomain(window))
+        : origin === getDomain(window) || isSameDomain(parentComponentWindow);
+
+    // let trustedDomains override sameDomain prop
+    if (prop && prop.sameDomain && !trustedChild) {
+      continue;
+    }
+
+    // sameDomain was not set and trusted domains must match
+    if (prop && prop.trustedDomains && !trustedChild) {
       continue;
     }
 

diff --git a/src/component/props.js b/src/component/props.js
@@ -191,6 +191,7 @@ export type PropDefinitionType<T, P, S: $Values<typeof PROP_TYPE>, X> = {|
   validate?: ({| value: T, props: PropsType<P> |}) => void,
   sameDomain?: boolean,
   serialization?: $Values<typeof PROP_SERIALIZATION>,
+  trustedDomains?: $ReadOnlyArray<string>,
 |};
 
 export type BOOLEAN_DEFINITION_TYPE = typeof PROP_TYPE.BOOLEAN;

diff --git a/src/parent/parent.js b/src/parent/parent.js
@@ -378,11 +378,18 @@ export function parentComponent<P, X, C>({
         continue;
       }
 
-      if (
-        prop &&
-        prop.sameDomain &&
-        !matchDomain(initialChildDomain, getDomain(window))
-      ) {
+      const trustedChild: boolean =
+        prop && prop.trustedDomains && prop.trustedDomains.length > 0
+          ? prop.trustedDomains.includes(initialChildDomain)
+          : matchDomain(initialChildDomain, getDomain(window));
+
+      // let trustedDomains override sameDomain prop
+      if (prop && prop.sameDomain && !trustedChild) {
+        continue;
+      }
+
+      // sameDomain was not set and trusted domains must match
+      if (prop && prop.trustedDomains && !trustedChild) {
         continue;
       }
 

diff --git a/test/tests/domain.js b/test/tests/domain.js
@@ -68,7 +68,7 @@ describe("parent domain check", () => {
       return component().render(getBody());
     });
 
-    it("allowedParentDomains is specified as a regex and parent domian match", () => {
+    it("allowedParentDomains is specified as a regex and parent domain match", () => {
       window.__component__ = () => {
         return zoid.create({
           tag: "test-parent-domain-regex",
@@ -163,7 +163,7 @@ describe("parent domain check", () => {
       });
     });
 
-    it("xprops.getParentDomain should pass the correct domain", () => {
+    it("xprops.getParent should pass the correct domain", () => {
       return wrapPromise(({ expect }) => {
         window.__component__ = () => {
           return zoid.create({