Merge pull request #1760 from matrix-org/matthew/improve-postmessage-origin-check2

improve origin check of ScalarMessaging postmessage API.
This commit is contained in:
Richard van der Hoff 2018-02-19 16:39:15 +00:00 committed by GitHub
commit 715198dc17
No known key found for this signature in database
GPG key ID: 4AEE18F83AFDEB23

View file

@ -563,7 +563,7 @@ const onMessage = function(event) {
const url = SdkConfig.get().integrations_ui_url;
if (
event.origin.length === 0 ||
!url.startsWith(event.origin) ||
!url.startsWith(event.origin + '/') ||
!event.data.action ||
event.data.api // Ignore messages with specific API set
) {