From 1a859c0f271e2944f266e39c28ff3e39448e14d3 Mon Sep 17 00:00:00 2001
From: Evan Carothers
Date: Wed, 26 Oct 2016 14:44:48 -0400
Subject: [PATCH] bugfix for origin detection in xdomain_cookie
---
 dev/xdomain_cookie.dev.js | 2 +-
 src/xdomain_cookie.js | 2 +-
 src/xdomain_cookie.min.js | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)
diff --git a/dev/xdomain_cookie.dev.js b/dev/xdomain_cookie.dev.js
index 783324a..868bf23 100644
--- a/dev/xdomain_cookie.dev.js
+++ b/dev/xdomain_cookie.dev.js
@@ -31,7 +31,7 @@
 _log("_inbound_postmessage", event.origin, event.data);
 var origin = event.origin || event.originalEvent.origin; // For Chrome, the origin property is in the event.originalEvent object.
- if (origin !== iframe_path) return; //incoming message not from iframe
+ if (iframe_path.substr(0,origin.length) !== origin) return; //incoming message not from iframe
 if(typeof event.data !== 'string') return; //expected json string encoded payload
 var data = null;
diff --git a/src/xdomain_cookie.js b/src/xdomain_cookie.js
index 02407a9..ed1d702 100644
--- a/src/xdomain_cookie.js
+++ b/src/xdomain_cookie.js
@@ -33,7 +33,7 @@
 _log("_inbound_postmessage", event.origin, event.data);
 var origin = event.origin || event.originalEvent.origin; // For Chrome, the origin property is in the event.originalEvent object.
- if (origin !== iframe_path) return; //incoming message not from iframe
+ if (iframe_path.substr(0,origin.length) !== origin) return; //incoming message not from iframe
 if(typeof event.data !== 'string') return; //expected json string encoded payload
 var data = null;
diff --git a/src/xdomain_cookie.min.js b/src/xdomain_cookie.min.js
index efae502..c2aef9e 100644
--- a/src/xdomain_cookie.min.js
+++ b/src/xdomain_cookie.min.js
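Review bot: The new guard `iframe_path.substr(0,origin.length) !== origin` in `_inbound_postmessage` is a string-prefix test, not an origin comparison, so it accepts any sender whose origin string is a leading substring of `iframe_path`. That includes a different, shorter hostname that the configured host merely starts with, or the same host on the default port when `iframe_path` names an explicit one. Messages that pass this line go on to replace the cached cookie data (`_xdomain_cookie_data=data.cookies` in the minified build), so the comparison should stay exact: resolve the expected origin once, e.g. `var iframe_origin = new URL(iframe_path, window.location.href).origin;`, and keep `if (origin !== iframe_origin) return;`. Browsers without the `URL` constructor would need an anchor-element fallback to resolve `iframe_path`. The identical line in the `src/xdomain_cookie.js` hunk has the same problem, and the handler's body starts and ends outside both hunks.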
@@ -1,3 +1,3 @@ /* Version 1.0.6 xdomain-cookies (http://contently.github.io/xdomain-cookies/) from Contently (https://github.com/contently) */ -!function(exports){"use strict";var xDomainCookie=function(iframe_path,namespace,xdomain_only,iframe_load_timeout_ms,secure_only,debug){function _log(){_debug&&(arguments[0]=":XDC_PAGE: "+arguments[0],console.log.apply(console,arguments))}function _inbound_postmessage(event){_log("_inbound_postmessage",event.origin,event.data);var origin=event.origin||event.originalEvent.origin;if(origin===iframe_path&&"string"==typeof event.data){var data=null;try{data=JSON.parse(event.data)}catch(e){}"object"!=typeof data||data instanceof Array||"msg_type"in data&&"xdsc_read"===data.msg_type&&"namespace"in data&&data.namespace===_namespace&&(_xdomain_cookie_data=data.cookies,_iframe_ready=!0,_fire_pending_callbacks())}}function _iframe_load_error_occured(){_log("_iframe_load_error_occured"),_iframe_load_error=!0,_fire_pending_callbacks()}function _on_iframe_ready_or_error(cb){_callbacks.push(cb),_fire_pending_callbacks()}function _fire_pending_callbacks(){if(_iframe_load_error||_iframe_ready)for(;_callbacks.length>0;)_callbacks.pop()(_iframe_load_error)}function _set_cookie_in_iframe(cookie_name,cookie_value,expires_days){var data={namespace:_namespace,msg_type:"xdsc_write",cookie_name:cookie_name,cookie_val:cookie_value,expires_days:expires_days,secure_only:_secure_only};_log("_set_cookie_in_iframe",data),document.getElementById("xdomain_cookie_"+_id).contentWindow.postMessage(JSON.stringify(data),iframe_path)}function _get_local_cookie(cookie_name){for(var name=cookie_name+"=",ca=document.cookie.split(";"),i=0;i0;)_callbacks.pop()(_iframe_load_error)}function _set_cookie_in_iframe(cookie_name,cookie_value,expires_days){var 
data={namespace:_namespace,msg_type:"xdsc_write",cookie_name:cookie_name,cookie_val:cookie_value,expires_days:expires_days,secure_only:_secure_only};_log("_set_cookie_in_iframe",data),document.getElementById("xdomain_cookie_"+_id).contentWindow.postMessage(JSON.stringify(data),iframe_path)}function _get_local_cookie(cookie_name){for(var name=cookie_name+"=",ca=document.cookie.split(";"),i=0;i