From bdb2fdb8f5731510799d88e5f3fb87f5a2c270c5 Mon Sep 17 00:00:00 2001
From: Morgan Aubert
Date: Wed, 28 Mar 2018 10:34:01 -0400
Subject: [PATCH] Fixed infinite callback loop in check-session iframe

This commit fixes the JS callback defined in the check-session iframe which can produce infinite callback loops if the received message doesn't come from the relying party. In that case another message is posted to the source of the message (which can be the OP itself) thus resulting in an infinite loop because "error" messages are continuously generated by the callback function.
---
 .../templates/oidc_provider/check_session_iframe.html | 4 ++++
 1 file changed, 4 insertions(+)

diff --git a/oidc_provider/templates/oidc_provider/check_session_iframe.html b/oidc_provider/templates/oidc_provider/check_session_iframe.html
index 445fda2..e04d5ce 100644
--- a/oidc_provider/templates/oidc_provider/check_session_iframe.html
+++ b/oidc_provider/templates/oidc_provider/check_session_iframe.html
@@ -9,6 +9,10 @@
 window.addEventListener("message", receiveMessage, false);

 function receiveMessage(e) {
+ if (!e.data || typeof e.data != 'string' || e.data == 'error') {
+ return;
+ }
+
 var status;
 try {
 var clientId = e.data.split(' ')[0];
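Review bot: The added guard at the top of `receiveMessage` filters on what the message says rather than on who sent it, so it stops the echo only for the literal string 'error'; any other string from a frame that is not the relying party still goes through parsing and, per the commit description, draws a reply to `e.source`. Since the description names the OP's own window as a possible source, a sender check such as `if (e.source === window) { return; }` would state that case directly, alongside the payload check. The early return also means a relying party that sends an empty or non-string message no longer gets an `error` answer, which deserves a comment, e.g. `// Drop non-string data and echoed 'error' replies: answering them re-triggers this handler.` The comparisons would read better with strict operators (`typeof e.data !== 'string' || e.data === 'error'`). The body of `receiveMessage` continues past the hunk, so whether `e.origin` is checked later is not visible here.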