Comparing version 1.5.1 to 1.6.0
Next Release | ||
------------- | ||
1.6.0 | ||
------ | ||
* Remove frame origin check as it doesn't provide any added security value and makes | ||
integration more complicated for providing applications. | ||
1.5.1 | ||
@@ -5,0 +11,0 @@ ------ |
@@ -286,11 +286,10 @@ 'use strict'; | ||
// 3. Verify that the origin of the app is trusted | ||
// For Chrome, the origin property is in the event.originalEvent object | ||
var origin = event.origin || event.originalEvent.origin; | ||
if (origin === this.origin) { | ||
_logger2.default.log('<< consumer', event.origin, event.data); | ||
// For Chrome, the origin property is in the event.originalEvent object. | ||
// Update origin so it can be used to post back to this frame. | ||
this.origin = event.origin || event.originalEvent.origin; | ||
// 4. Send a response, if any, back to the app. | ||
this.JSONRPC.handle(event.data); | ||
} | ||
_logger2.default.log('<< consumer', event.origin, event.data); | ||
// 3. Send a response, if any, back to the app. | ||
this.JSONRPC.handle(event.data); | ||
} | ||
@@ -297,0 +296,0 @@ |
{ | ||
"name": "xfc", | ||
"version": "1.5.1", | ||
"version": "1.6.0", | ||
"description": "A Cross Frame Container that handles securely embedding web content into a 3rd party domain", | ||
@@ -5,0 +5,0 @@ "author": "Cerner Corporation", |
@@ -201,11 +201,11 @@ import { EventEmitter } from 'events'; | ||
// 3. Verify that the origin of the app is trusted | ||
// For Chrome, the origin property is in the event.originalEvent object | ||
const origin = event.origin || event.originalEvent.origin; | ||
if (origin === this.origin) { | ||
logger.log('<< consumer', event.origin, event.data); | ||
// For Chrome, the origin property is in the event.originalEvent object. | ||
// Update origin so it can be used to post back to this frame. | ||
this.origin = event.origin || event.originalEvent.origin; | ||
// 4. Send a response, if any, back to the app. | ||
this.JSONRPC.handle(event.data); | ||
} | ||
logger.log('<< consumer', event.origin, event.data); | ||
// 3. Send a response, if any, back to the app. | ||
this.JSONRPC.handle(event.data); | ||
} | ||
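Review bot: With the `origin === this.origin` guard removed, `this.JSONRPC.handle(event.data)` runs for a message from any origin, and `this.origin` is overwritten with the sender's own origin on every message. Going by the new comment ("so it can be used to post back to this frame"), replies would then be addressed to whichever window posted last. Nothing in this hunk compares `event.source` or an allowlist, and the handler's start is outside the hunk, so unless the sender is authenticated elsewhere the target origin of outgoing messages becomes state an untrusted page can set. If the origin has to be learned at runtime, I would accept it only once, during the authorization handshake, and otherwise keep a guard such as `const origin = event.origin || event.originalEvent.origin;` followed by `if (origin !== this.origin) return;` ahead of the log and dispatch. The compiled build in the earlier `@@ -286,11 +286,10 @@` hunk carries the same change.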
@@ -212,0 +212,0 @@ |