Skip to content

Commit

Permalink
Ignore messages from own origin (#2363)
Browse files Browse the repository at this point in the history
Ignore messages form own origin

Currently, II prints a warning to the console (or in case of the VC-flow
even shows a toast) when it receives an unexpected message.
Messages might get sent from browser extension (i.e. the MetaMask
extension does that), which can be recognized by having the same origin
as II itself. Since II does not send messages to itself, we can safely
ignore all of these messages (and the messages do not warrant an `error`).
  • Loading branch information
Frederik Rothenberger authored Mar 14, 2024
1 parent 8a73973 commit 6c34591
Show file tree
Hide file tree
Showing 2 changed files with 10 additions and 0 deletions.
5 changes: 5 additions & 0 deletions src/frontend/src/flows/authorize/postMessageInterface.ts
Original file line number Diff line number Diff line change
Expand Up @@ -131,6 +131,11 @@ const waitForRequest = (): Promise<{
}> => {
return new Promise((resolve) => {
const messageEventHandler = (evnt: MessageEvent) => {
if (evnt.origin === window.location.origin) {
// Ignore messages from own origin (e.g. from browser extensions)
console.warn("Ignoring message from own origin", evnt);
return;
}
const message: unknown = evnt.data;
const result = AuthRequest.safeParse(message);

Expand Down
Original file line number Diff line number Diff line change
Expand Up @@ -71,6 +71,11 @@ const waitForRequest = (): Promise<{
}> => {
return new Promise((resolve) => {
const messageEventHandler = (evnt: MessageEvent) => {
if (evnt.origin === window.location.origin) {
// Ignore messages from own origin (e.g. from browser extensions)
console.warn("Ignoring message from own origin", evnt);
return;
}
const message: unknown = evnt.data;
const result = VcFlowRequest.safeParse(message);

Expand Down

0 comments on commit 6c34591

Please sign in to comment.