|
59 | 59 | // ------------------------------------------------------------------------- |
60 | 60 | var sysend = { |
61 | 61 | id: target_id, |
62 | | - broadcast: function(event, data) { |
| 62 | + // args is argument used internaly when sendig message inside iframe |
| 63 | + broadcast: function(event, data, args) { |
63 | 64 | if (channel) { |
64 | | - channel.postMessage({name: event, data: serialize(data)}); |
| 65 | + args = Object.assign(args || {}, { |
| 66 | + domains: domains |
| 67 | + }); |
| 68 | + channel.postMessage({name: event, args: args, data: serialize(data)}); |
65 | 69 | } else { |
66 | 70 | set(event, to_json(data)); |
67 | 71 | // clean up localstorage |
68 | 72 | setTimeout(function() { |
69 | 73 | remove(event); |
70 | 74 | }, 0); |
71 | 75 | } |
| 76 | + if (!is_iframe) { |
| 77 | + send_to_iframes(event, data); |
| 78 | + } |
72 | 79 | }, |
73 | 80 | emit: function(event, data) { |
74 | 81 | sysend.broadcast(event, data); |
|
83 | 90 | serializer.from = from; |
84 | 91 | }, |
85 | 92 | proxy: function(url) { |
| 93 | + domains = domains || []; |
| 94 | + domains.push(origin(url)); |
86 | 95 | if (typeof url === 'string' && host(url) !== window.location.host) { |
87 | | - domains = domains || []; |
88 | | - domains.push(origin(url)); |
89 | 96 | var iframe = document.createElement('iframe'); |
90 | 97 | iframe.style.width = iframe.style.height = 0; |
91 | 98 | iframe.style.border = 'none'; |
|
109 | 116 | } catch(e) { |
110 | 117 | win = iframe.contentWindow; |
111 | 118 | } |
112 | | - iframes.push({window: win, node: iframe}); |
| 119 | + iframes.push({ |
| 120 | + window: win, |
| 121 | + node: iframe, |
| 122 | + origin: origin(iframe.src) |
| 123 | + }); |
113 | 124 | iframe.removeEventListener('load', handler); |
114 | 125 | }); |
115 | 126 | document.body.appendChild(iframe); |
|
364 | 375 | } |
365 | 376 | })(); |
366 | 377 | // ------------------------------------------------------------------------- |
| 378 | + function send_to_iframes(key, data) { |
| 379 | + // propagate events to iframes |
| 380 | + iframes.forEach(function(iframe) { |
| 381 | + var payload = { |
| 382 | + name: uniq_prefix, |
| 383 | + key: key, |
| 384 | + domains: domains, |
| 385 | + data: data |
| 386 | + }; |
| 387 | + if (is_valid_origin(origin(iframe.node.src))) { |
| 388 | + iframe.window.postMessage(JSON.stringify(payload), "*"); |
| 389 | + } |
| 390 | + }); |
| 391 | + } |
| 392 | + // ------------------------------------------------------------------------- |
367 | 393 | function to_json(input) { |
368 | 394 | // save random_value in storage to fix issue in IE that storage event |
369 | 395 | // is fired on same page where setItem was called |
|
438 | 464 | channel = new window.BroadcastChannel(uniq_prefix); |
439 | 465 | channel.addEventListener('message', function(event) { |
440 | 466 | if (event.target.name === uniq_prefix) { |
| 467 | + var data = unserialize(event.data.data); |
441 | 468 | if (is_iframe) { |
442 | 469 | var payload = { |
443 | 470 | name: uniq_prefix, |
444 | 471 | data: event.data, |
445 | 472 | iframe_id: target_id |
446 | 473 | }; |
447 | 474 | var referrer = origin(document.referrer); |
448 | | - if (is_valid_origin(referrer)) { |
| 475 | + var has_domain; |
| 476 | + if (event.data.args && event.data.args.domains) { |
| 477 | + has_domain = !!event.data.args.domains.find(function(origin) { |
| 478 | + return referrer === origin; |
| 479 | + }); |
| 480 | + if (!has_domain) { |
| 481 | + |
| 482 | + } |
| 483 | + |
| 484 | + } |
| 485 | + var has_iframe = !!iframes.find(function(iframe) { |
| 486 | + return iframe.origin === referrer; |
| 487 | + }); |
| 488 | + if (is_valid_origin(referrer) && has_iframe) { |
449 | 489 | window.parent.postMessage(JSON.stringify(payload), "*"); |
450 | 490 | } |
451 | 491 | } else { |
452 | 492 | var key = event.data && event.data.name; |
453 | | - invoke(key, unserialize(event.data.data)); |
| 493 | + invoke(key, data); |
454 | 494 | } |
455 | 495 | } |
456 | 496 | }); |
|
486 | 526 | } |
487 | 527 |
|
488 | 528 | window.addEventListener('message', function(event) { |
| 529 | + console.log({from_frame: event, is_iframe}); |
489 | 530 | if (is_sysend_post_message(event) && is_valid_origin(event.origin)) { |
490 | 531 | try { |
491 | 532 | var payload = JSON.parse(event.data); |
492 | 533 | if (payload && payload.name === uniq_prefix) { |
493 | 534 | var data = unserialize(payload.data); |
494 | 535 | if (is_iframe) { |
495 | | - sysend.broadcast(payload.key, data); |
| 536 | + console.log({payload}); |
| 537 | + sysend.broadcast(payload.key, data, payload.domains); |
496 | 538 | } else { |
| 539 | + console.log({payload, data, event}); |
497 | 540 | if (!data.data.target) { |
498 | | - var key = data && data.name; |
499 | | - invoke(key, data.data); |
| 541 | + var has_iframe = !!iframes.find(function(iframe) { |
| 542 | + return iframe.origin === event.origin; |
| 543 | + }); |
| 544 | + console.log({iframes, has_iframe, valid: is_valid_origin(event.origin), event}); |
| 545 | + if (!has_iframe || is_valid_origin(event.origin)) { |
| 546 | + var key = data && data.name; |
| 547 | + invoke(key, data.data); |
| 548 | + } |
500 | 549 | } |
501 | 550 | } |
502 | 551 | } |
|
506 | 555 | } |
507 | 556 | } |
508 | 557 | }); |
| 558 | + return; |
509 | 559 | if (!is_iframe) { |
510 | 560 | init_visiblity(); |
511 | 561 |
|
|
578 | 628 | addEventListener('beforeunload', function() { |
579 | 629 | sysend.emit('__close__', { id: target_id, wasPrimary: primary }); |
580 | 630 | }, { capture: true }); |
581 | | - |
| 631 | + |
582 | 632 | on_load().then(function() { |
583 | 633 | sysend.list().then(function(list) { |
584 | 634 | target_count = list.length; |
|
0 commit comments