Add domain check before sending init message to parent #52

Closed
bluepnume opened this issue Dec 21, 2016 · 4 comments
Comments

@bluepnume
Collaborator

No description provided.

@harouny
Contributor

harouny commented Apr 25, 2017

@bluepnume Can you add more info to that item please? What kind of domain check is still missing?

@bluepnume
Collaborator Author

Hey, the intent of this was to allow components to define which domains they can be rendered by. For example, if a component specified:

parentDomains: [
    'https://a.com',
    'https://b.com'
]

but the component was rendered by https://c.com, the component should error out and not send any init message (or any message) up to the parent.

@harouny
Contributor

harouny commented Apr 25, 2017

Cool. Thanks for the info. On that just to confirm, if a component didn't specify parentDomains, it means that it can send messages to any domain.

@bluepnume
Collaborator Author

Yeah, the way it stands right now is that components can be rendered by any domain. If you need to restrict this, the best way right now is to rely on an X-FRAME-OPTIONS header.
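A sketch of the check discussed in this thread, as an added example that is not part of the issue or the project's own code: the child compares the parent's origin against `parentDomains` and refuses to send anything on a mismatch. The names `toOrigin`, `isParentAllowed`, `sendInit` and `fakeParent` are hypothetical, the caller is assumed to already know the claimed parent origin, and exact-origin comparison is a choice made for this example.

```javascript
// Normalise a URL or origin string to scheme + host + port; null if unusable.
function toOrigin(value) {
    try {
        const origin = new URL(value).origin;
        return origin === 'null' ? null : origin; // opaque origins (data:, etc.)
    } catch (err) {
        return null;
    }
}

// parentDomains undefined means "no restriction", the default described in the thread.
// Comparison is on whole origins, so 'https://a.com.evil.example' never matches 'https://a.com'.
function isParentAllowed(parentOrigin, parentDomains) {
    const origin = toOrigin(parentOrigin);
    if (origin === null) return false; // cannot target an unparseable origin
    if (parentDomains === undefined) return true;
    return parentDomains.some((allowed) => toOrigin(allowed) === origin);
}

// Error out before any message is sent if the parent is not allowed.
// Passing the checked origin as targetOrigin also lets the browser drop the
// message if the real parent is not at the origin that was claimed.
function sendInit(parentWindow, parentOrigin, parentDomains, payload) {
    if (!isParentAllowed(parentOrigin, parentDomains)) {
        throw new Error('Component is not allowed to be rendered by ' + parentOrigin);
    }
    const target = toOrigin(parentOrigin);
    parentWindow.postMessage(payload, target);
    return target;
}

// Constructed stand-in for window.parent that records what it is sent.
function fakeParent() {
    const sent = [];
    return { sent, postMessage: (msg, targetOrigin) => sent.push({ msg, targetOrigin }) };
}

const parentDomains = ['https://a.com', 'https://b.com'];
const demoParent = fakeParent();
sendInit(demoParent, 'https://b.com', parentDomains, { type: 'init' });
try {
    sendInit(demoParent, 'https://c.com', parentDomains, { type: 'init' });
} catch (err) {
    console.log(err.message);
}
console.log(demoParent.sent);
```

The X-FRAME-OPTIONS header mentioned above is enforced by the browser before the component loads at all, so a script-level check like this one complements it rather than replaces it.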

bluepnume pushed a commit that referenced this issue Jun 10, 2017
* controlling log level

* add logLevel to props

* remove defaultEnv prop that was deleted by mistake

* configure logLevel when creating component

* add logging unit tests

* update dist

* update API docs with defaultLogLevel and logLevel

* remove whitespace and one line that was not required for logLevel

* update dist

* Revert "update dist"

This reverts commit 1cf0263.

* Revert "update dist"

This reverts commit 7734741.

* override dist with dist from v 2.0.22

* validate parent domain

* fix validation logic

* remove whitespace

* update readme

* allow string match in parentDomain check

* add tests and use cross-domain-utils

* remove file added by mistake

* happy path tests

* remove whitespace

* upgrade cross-domain-utils and pass array to matchDomain

* do parentDomainValidation before render

* remove code added by mistake

* fix whitespace

* remove non required call to validateRenderAllowed