Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Origin Use is Backwards? #34

Closed
l-cornelius-dol opened this issue Dec 22, 2016 · 2 comments
Closed

Origin Use is Backwards? #34

l-cornelius-dol opened this issue Dec 22, 2016 · 2 comments

Comments

@l-cornelius-dol
Copy link

l-cornelius-dol commented Dec 22, 2016
edited
Loading

I have a page which loads an iframe from a user configured URL. In order to set up the channel between the page and the iframe, I initialize the channel each using the other's URL, after reducing it to protocol://domain/.

For example, page at http://localhost/a/b/c loads external website http://think.dolhub.com. So in the localhost page I use origin="http://think.dolhub.com" and in the external page on dolhub.com I use origin="http://localhost".

However, the request to build the channel throws: Failed to execute ‘postMessage’ on ‘DOMWindow’: The target origin provided (‘http://think.dolhub.com’) does not match the recipient window’s origin (‘http://localhost’).. However, the supplied origin most certainly does match the recipient's origin:

image

This is backwards from my expectations, which is to supply the origin of the page I wish to communicate with at each respective end. Otherwise, where is the security?
@l-cornelius-dol
Copy link
Author

Making progress on this... it seems Firefox temporarily places an about:blank URL, which has the origin of the containing page, causing the attempt to ping the other window to fail if it happens too quickly, which it usually does. Unfortunately, there seems to be no reliable way to test which "window" is current in the frame. Might have to resort to try/catch silliness.

@l-cornelius-dol
Copy link
Author

l-cornelius-dol commented Dec 22, 2016
edited
Loading

OK, so the problem was indeed the intermediate iframe in Firefox (did not test on other browsers). What I had to do was a little ugly:

setTimeout(function buildChannel() {                                                // frame (ifrwin) for channel not immediately available
    let chlscp="...my scope...";
    let chlorg=tskurl.match(/^[A-Za-z]{1,10}:\/\//)                                 // cope with either absolute or relative URL
               ? tskurl.split("/").slice(0,3).join("/")                             // reduce absolute URL to protocol://domain:port
               : window.location.origin;                                            // just use this window's domain for relative
    let ifrwin=ifrelm.contentWindow;
    try {                                                                           // will throw when real external URL becomes active, due to `""+ifrwin.location`
        if(!ifrwin || !ifrwin.location || ""+ifrwin.location=="about:blank") {      // about:blank needed for Firefox or will throw on bad origin
            setTimeout(buildChannel,20);                                            // frame not loaded, try again in a little bit
            return;
            }
        }
    console.log("Task collaboration channel is pending (scope="+chlscp+", origin="+chlorg+")");
    obj.channel=Channel.build({
        window  : ifrwin,
        ...

Will close this, but it would be useful for the library to cope with this situation.

Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@l-cornelius-dol