There doesn't appear to be a programmatic way to define a whitelist of origins that the iframe will accept requests from. This is something that's recommended by the postMessage (API documentation)[https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage]. It suggests that the receiver of function should "always verify the sender's identity".
By whitelisting, it prevents xdlocalstore from leaking potentially sensitive information
The text was updated successfully, but these errors were encountered:
There doesn't appear to be a programmatic way to define a whitelist of origins that the iframe will accept requests from. This is something that's recommended by the
postMessage(API documentation)[https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage]. It suggests that the receiver of function should "always verify the sender's identity".By whitelisting, it prevents xdlocalstore from leaking potentially sensitive information
The text was updated successfully, but these errors were encountered: