From 08fe59cc2cfb1e7f912d3365a09bf041cf904886 Mon Sep 17 00:00:00 2001
From: Luis Almeida <lmg.almeida@gmail.com>
Date: Mon, 28 Feb 2022 17:16:07 +0100
Subject: [PATCH] Add a allowOrigin option to bypass invalid origins

---
 lib/client.js       |  3 ++-
 lib/index.js        |  6 ++++--
 spec/client_spec.js | 11 +++++++++++
 3 files changed, 17 insertions(+), 3 deletions(-)

diff --git a/lib/client.js b/lib/client.js
index 059744e4..16dd97cd 100644
--- a/lib/client.js
+++ b/lib/client.js
@@ -326,6 +326,7 @@ export default class Client {
     this._source = options.source || (this._parent && this._parent._source) || window.parent
     this._appGuid = options.appGuid || (this._parent && this._parent._appGuid)
     this._instanceGuid = options.instanceGuid || this._appGuid
+    this._allowOrigin = options.allowOrigin || false
     this._messageHandlers = {}
     this._repliesPending = {}
     this._instanceClients = {}
@@ -335,7 +336,7 @@ export default class Client {
     this._idleState = null
     this.ready = false
 
-    if (!isOriginValid(this._origin)) {
+    if (!this._allowOrigin && !isOriginValid(this._origin)) {
       const originHostname = new URL(this._origin).hostname
       this.postMessage('__track__', {
         event_name: 'invalid_sdk_origin',
diff --git a/lib/index.js b/lib/index.js
index 852ee0a6..db2b47ae 100644
--- a/lib/index.js
+++ b/lib/index.js
@@ -27,15 +27,17 @@ import { queryParameters } from './utils'
  */
 
 const ZAFClient = {
-  init: function (callback, loc) {
+  init: function (callback, loc, options) {
     loc = loc || window.location
+    options = options || {}
+    const allowOrigin = options.allowOrigin
     const queryParams = queryParameters(loc.search)
     const hashParams = queryParameters(loc.hash)
     const origin = queryParams.origin || hashParams.origin
     const appGuid = queryParams.app_guid || hashParams.app_guid
     if (!origin || !appGuid) { return false }
 
-    const client = new Client({ origin, appGuid })
+    const client = new Client({ origin, appGuid, allowOrigin })
 
     if (typeof callback === 'function') {
       client.on('app.registered', callback.bind(client))
diff --git a/spec/client_spec.js b/spec/client_spec.js
index 9faaa1d7..2a2b8a10 100644
--- a/spec/client_spec.js
+++ b/spec/client_spec.js
@@ -177,6 +177,17 @@ describe('Client', () => {
         expect(ACTUAL_ERROR_MSG).to.equal(EXPECTED_ERROR_MSG)
       })
     })
+
+    it('does not clear the iframe and append an error msg when allowOrigin is true', () => {
+      const validOriginClient = new Client({
+        origin: 'https://hostmapped.com',
+        appGuid: 'appGuid',
+        source: source,
+        allowOrigin: true
+      })
+
+      expect(validOriginClient).to.exist()
+    })
   })
 
   describe('initialisation', () => {