github/svgedit
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

- npm: Add script for testing embedded API

Browse Source 
- Fix (Embedded editor): Ensure adding allowedOrigins for embedded response
- Enhancement (Embedded editor): Log if an origin is not whitelisted as sender/receiver
- Demo: Point to raw.githack for proper content-type setting and apparent CORS support; also add `xdomain-svg-editor-es.html` to set origin config and work on Git-based server
This commit is contained in:
Brett Zamir
2018-07-18 22:25:09 -07:00
parent 082d8d0246
commit b023a0076b
5 changed files with 788 additions and 4 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
editor/extensions/ext-xdomain-messaging.js
View File

@@ -18,10 +18,12 @@ export default {
if (!data || typeof data !== 'object' || data.namespace !== 'svgCanvas') {
return;
}
// The default is not to allow any origins, including even the same domain or if run on a file:// URL
// See svgedit-config-es.js for an example of how to configure
// The default is not to allow any origins, including even the same domain or
// if run on a file:// URL See svgedit-config-es.js for an example of how
// to configure
const {allowedOrigins} = svgEditor.curConfig;
if (!allowedOrigins.includes('*') && !allowedOrigins.includes(e.origin)) {
console.log(`Origin ${e.origin} not whitelisted for posting to ${window.origin}`);
return;
}
const cbid = data.id;