You signed in with another tab or window. Reload to refresh your session.You signed out in another tab or window. Reload to refresh your session.You switched accounts on another tab or window. Reload to refresh your session.Dismiss alert
There doesn't appear to be a programmatic way to define a whitelist of origins that the iframe will accept requests from. This is something that's recommended by the postMessage (API documentation)[https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage]. It suggests that the receiver of function should "always verify the sender's identity".
By whitelisting, it prevents xdlocalstore from leaking potentially sensitive information
The text was updated successfully, but these errors were encountered:
There doesn't appear to be a programmatic way to define a whitelist of origins that the iframe will accept requests from. This is something that's recommended by the
postMessage
(API documentation)[https://developer.mozilla.org/en-US/docs/Web/API/Window/postMessage]. It suggests that the receiver of function should "always verify the sender's identity".By whitelisting, it prevents xdlocalstore from leaking potentially sensitive information
The text was updated successfully, but these errors were encountered: