Merge pull request #4006 from diego0020/patch-1

Verify message comes from loginIframe
This commit is contained in:
Stian Thorgersen 2017-04-06 08:34:38 +02:00 committed by GitHub
commit 802f648757

View file

@ -832,10 +832,11 @@
document.body.appendChild(iframe); document.body.appendChild(iframe);
var messageCallback = function(event) { var messageCallback = function(event) {
if (event.origin !== loginIframe.iframeOrigin) { if ((event.origin !== loginIframe.iframeOrigin) || (loginIframe.iframe.contentWindow !== event.source)) {
return; return;
} }
if (event.data != "unchanged") { if (event.data != "unchanged") {
kc.clearToken(); kc.clearToken();
} }