Tweak UIA postMessage check to work cross-origin (#12878)

* Soften UIA fallback postMessage check to work cross-origin

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Do the same for the SSO UIA flow

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

* Check against MessageEvent::source instead

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>

---------

Signed-off-by: Michael Telatynski <7t3chguy@gmail.com>
This commit is contained in:
Michael Telatynski 2024-08-16 09:12:18 +01:00 committed by GitHub
parent 7a91e3efcf
commit 88cf643cbd
No known key found for this signature in database
GPG key ID: B5690EEEBB952194

View file

@ -833,7 +833,7 @@ export class SSOAuthEntry extends React.Component<ISSOAuthEntryProps, ISSOAuthEn
}; };
private onReceiveMessage = (event: MessageEvent): void => { private onReceiveMessage = (event: MessageEvent): void => {
if (event.data === "authDone" && event.origin === this.props.matrixClient.getHomeserverUrl()) { if (event.data === "authDone" && event.source === this.popupWindow) {
if (this.popupWindow) { if (this.popupWindow) {
this.popupWindow.close(); this.popupWindow.close();
this.popupWindow = null; this.popupWindow = null;
@ -950,7 +950,7 @@ export class FallbackAuthEntry extends React.Component<IAuthEntryProps> {
}; };
private onReceiveMessage = (event: MessageEvent): void => { private onReceiveMessage = (event: MessageEvent): void => {
if (event.data === "authDone" && event.origin === this.props.matrixClient.getHomeserverUrl()) { if (event.data === "authDone" && event.source === this.popupWindow) {
this.props.submitAuthDict({}); this.props.submitAuthDict({});
} }
}; };