KEYCLOAK-2617 Ignore postmessages if not initiated by keycloak.js

2016-07-04 13:07:17 +02:00 · 2016-07-04 13:07:17 +02:00 · f3a780cc2d
commit f3a780cc2d
parent 450b57c76a
1 changed files with 16 additions and 2 deletions
--- a/adapters/oidc/js/src/main/resources/keycloak.js
+++ b/adapters/oidc/js/src/main/resources/keycloak.js
@ -792,8 +792,22 @@
                if (event.origin !== loginIframe.iframeOrigin) {
                    return;
                }
+
+                try {
                    var data = JSON.parse(event.data);
+                } catch (err) {
+                    return;
+                }
+
+                if (!data.callbackId) {
+                    return;
+                }
+
                var promise = loginIframe.callbackMap[data.callbackId];
+                if (!promise) {
+                    return;
+                }
+
                delete loginIframe.callbackMap[data.callbackId];

                if ((!kc.sessionId || kc.sessionId == data.session) && data.loggedIn) {