mirror of
https://github.com/keeweb/keeweb.git
synced 2024-06-21 07:06:39 +02:00
checking origin in window message handlers
This commit is contained in:
parent
2f214b25c7
commit
0aa925f95d
|
@ -41,7 +41,7 @@ DropboxChooser.prototype.buildUrl = function() {
|
|||
};
|
||||
|
||||
DropboxChooser.prototype.onMessage = function(e) {
|
||||
if (e.source !== this.popup) {
|
||||
if (e.source !== this.popup || e.origin !== 'https://www.dropbox.com') {
|
||||
return;
|
||||
}
|
||||
const data = JSON.parse(e.data);
|
||||
|
|
|
@ -316,6 +316,9 @@ class StorageBase {
|
|||
};
|
||||
|
||||
const windowMessage = e => {
|
||||
if (e.origin !== location.origin) {
|
||||
return;
|
||||
}
|
||||
if (e.data && e.data.error) {
|
||||
this.logger.error('OAuth error', e.data.error, e.data.error_description);
|
||||
callback('OAuth: ' + e.data.error);
|
||||
|
|
Loading…
Reference in New Issue
Block a user