gas-client
Advanced tools
Comparing version 0.2.1 to 0.3.0
@@ -35,3 +35,4 @@ "use strict"; | ||
* @param {object} [config] An optional config object for use in development. | ||
* @param {string|function} [config.allowedDevelopmentDomains] An optional config to specify which domains are permitted for communication with Google Apps Script Webpack Dev Server development tool. This is a security setting, and if not specified, this will block functionality in development. Will accept either a space-separated string of allowed subdomains, e.g. `https://localhost:3000 http://localhost:3000` (notice no trailing slash); or a function that takes in the requesting origin should return `true` to allow communication, e.g. `(origin) => /localhost:\d+$/.test(origin)` | ||
* @param {string|function} [config.allowedDevelopmentDomains] An optional config to specify which domains are permitted for receiving communication from a parent window. This is a security setting, and if not specified, will block functionality in development. Will accept either a space-separated string of allowed subdomains, e.g. `https://localhost:3000 http://localhost:3000` (notice no trailing slash); or a function that takes in the requesting origin should return `true` to allow communication, e.g. `(origin) => /localhost:\d+$/.test(origin)` | ||
* @param {string} [config.parentTargetOrigin] An optional config to specify which parent window domain this client can send communication to. Defaults to own domain for backward compatibility with Google Apps Script Webpack Dev Server development tool (domain where the client is running, e.g. localhost). Can be '*' to allow all parent domains. | ||
*/ | ||
@@ -72,4 +73,7 @@ function Server() { | ||
// we'll store and access the resolve/reject functions here by id | ||
window.gasStore = {}; // set up the message 'receive' handler | ||
window.gasStore = {}; // this domain should be restricted to googleusercontent.com but the subdomain is variable | ||
// supports window.location.origin as default for backward compatibility | ||
var targetOrigin = config.parentTargetOrigin || window.location.origin; // set up the message 'receive' handler | ||
var receiveMessageHandler = function receiveMessageHandler(event) { | ||
@@ -122,4 +126,3 @@ var allowedDevelopmentDomains = config.allowedDevelopmentDomains; // check the allow list for the receiving origin | ||
args: [].concat(args) | ||
}, // only send messages to our dev server, which should be running on the same origin | ||
window.location.origin); | ||
}, targetOrigin); | ||
return promise; | ||
@@ -126,0 +129,0 @@ }; |
{ | ||
"name": "gas-client", | ||
"version": "0.2.1", | ||
"version": "0.3.0", | ||
"description": "A client-side utility class that can call server-side Google Apps Script functions", | ||
@@ -5,0 +5,0 @@ "main": "build/index.js", |
@@ -91,6 +91,5 @@ # gas-client | ||
The config object takes: | ||
`allowedDevelopmentDomains`: A config to specifiy which domains are permitted for communication with Google Apps Script Webpack Dev Server development tool. This is a security setting, and if not specified, will block functionality in development. | ||
- `allowedDevelopmentDomains`: A config to specifiy which domains are permitted for communication with Google Apps Script Webpack Dev Server development tool. This is a security setting, and if not specified, will block functionality in development. `allowedDevelopmentDomains` will accept either a space-separated string of allowed subdomains, e.g. `'https://localhost:3000 https://localhost:8080'` (notice no trailing slashes); or a function that takes in the requesting origin and should return `true` to allow communication, e.g. `(origin) => /localhost:\d+$/.test(origin);` | ||
- `parentTargetOrigin` An optional string to specify which parent window domain this client can send communication to. Defaults to own domain for backward compatibility with Google Apps Script Webpack Dev Server development tool (default uses domain where the client is running, e.g. localhost). Can be '*' to allow all parent domains if parent is unknown or variable. | ||
`allowedDevelopmentDomains` will accept either a space-separated string of allowed subdomains, e.g. `'https://localhost:3000 https://localhost:8080'` (notice no trailing slashes); or a function that takes in the requesting origin and should return `true` to allow communication, e.g. `(origin) => /localhost:\d+$/.test(origin);` | ||
### Production mode | ||
@@ -102,3 +101,3 @@ | ||
Note that the `allowedDevelopmentDomains` configuration will be ignored in production, so the same code can and should be used for development and production. | ||
Note that `allowedDevelopmentDomains` and `parentTargetOrigin` configurations will be ignored in production, so the same code can and should be used for development and production. | ||
@@ -105,0 +104,0 @@ ### Development mode |
@@ -24,3 +24,4 @@ import { v4 as uuidv4 } from 'uuid'; | ||
* @param {object} [config] An optional config object for use in development. | ||
* @param {string|function} [config.allowedDevelopmentDomains] An optional config to specify which domains are permitted for communication with Google Apps Script Webpack Dev Server development tool. This is a security setting, and if not specified, this will block functionality in development. Will accept either a space-separated string of allowed subdomains, e.g. `https://localhost:3000 http://localhost:3000` (notice no trailing slash); or a function that takes in the requesting origin should return `true` to allow communication, e.g. `(origin) => /localhost:\d+$/.test(origin)` | ||
* @param {string|function} [config.allowedDevelopmentDomains] An optional config to specify which domains are permitted for receiving communication from a parent window. This is a security setting, and if not specified, will block functionality in development. Will accept either a space-separated string of allowed subdomains, e.g. `https://localhost:3000 http://localhost:3000` (notice no trailing slash); or a function that takes in the requesting origin should return `true` to allow communication, e.g. `(origin) => /localhost:\d+$/.test(origin)` | ||
* @param {string} [config.parentTargetOrigin] An optional config to specify which parent window domain this client can send communication to. Defaults to own domain for backward compatibility with Google Apps Script Webpack Dev Server development tool (domain where the client is running, e.g. localhost). Can be '*' to allow all parent domains. | ||
*/ | ||
@@ -60,2 +61,6 @@ constructor(config = {}) { | ||
// this domain should be restricted to googleusercontent.com but the subdomain is variable | ||
// supports window.location.origin as default for backward compatibility | ||
let targetOrigin = config.parentTargetOrigin || window.location.origin; | ||
// set up the message 'receive' handler | ||
@@ -106,4 +111,3 @@ const receiveMessageHandler = (event) => { | ||
}, | ||
// only send messages to our dev server, which should be running on the same origin | ||
window.location.origin | ||
targetOrigin | ||
); | ||
@@ -110,0 +114,0 @@ return promise; |
18077
218
109