feat: Update isValidMessage() check for Safe Apps (#3907)

yagopv · web-flow · commit 2286fc9ba41d · 2022-05-25T11:27:14.000+02:00
* Change the way to check if the message is being sent from an iframe

* Add separate job for executing e2e tests
diff --git a/.github/workflows/deploy.yml b/.github/workflows/deploy.yml
@@ -163,3 +163,15 @@ jobs:
           SENTRY_AUTH_TOKEN: ${{ secrets.SENTRY_AUTH_TOKEN }}
           SENTRY_ORG: ${{ secrets.SENTRY_ORG }}
           SENTRY_PROJECT: ${{ secrets.SENTRY_PROJECT }}
+  e2e:
+    runs-on: ubuntu-20.04
+    name: E2E on Chrome
+    needs: deploy
+    steps:
+      - uses: actions/checkout@v2
+      - uses: cypress-io/github-action@v2
+        with:
+          spec: cypress/integration/smoke/*.spec.js
+          browser: chrome
+          record: false
+          config: baseUrl=https://pr${{ github.event.number }}--safereact.review-safe.gnosisdev.com/app/
diff --git a/src/routes/safe/components/Apps/communicator.ts b/src/routes/safe/components/Apps/communicator.ts
@@ -43,8 +43,7 @@ class AppCommunicator {
       return true
     }
 
-    // @ts-expect-error .parent doesn't exist on some possible types
-    const sentFromIframe = msg.source.parent === window.parent
+    const sentFromIframe = this.iframeRef.current?.contentWindow === msg.source
     const knownMethod = Object.values(Methods).includes(msg.data.method)
 
     return sentFromIframe && knownMethod

Original file line number	Diff line number	Diff line change
`@@ -43,8 +43,7 @@ class AppCommunicator {`
`43`	`43`	`return true`
`44`	`44`	`}`
`45`	`45`
`46`		`- // @ts-expect-error .parent doesn't exist on some possible types`
`47`		`- const sentFromIframe = msg.source.parent === window.parent`
	`46`	`+ const sentFromIframe = this.iframeRef.current?.contentWindow === msg.source`
`48`	`47`	`const knownMethod = Object.values(Methods).includes(msg.data.method)`
`49`	`48`
`50`	`49`	`return sentFromIframe && knownMethod`