From 58f7ac076f3cec28c8d43e72335cb967f2dfa7f5 Mon Sep 17 00:00:00 2001
From: Frederik Rothenberger
Date: Wed, 13 Mar 2024 15:57:32 +0100
Subject: [PATCH] Ignore messages form own origin

Currently, II prints a warning to the console (or in case of the VC-flow even shows a toast) when it receives an unexpected message. Messages might get sent from browser extension (i.e. the MetaMask extension does that), which can be recognized by having the same origin as II itself. Since II does not send messages to itself, we can safely ignore all of these messages (and the messages do not warrant an `error`).
---
 src/frontend/src/flows/authorize/postMessageInterface.ts | 5 +++++
 .../src/flows/verifiableCredentials/postMessageInterface.ts | 5 +++++
 2 files changed, 10 insertions(+)

diff --git a/src/frontend/src/flows/authorize/postMessageInterface.ts b/src/frontend/src/flows/authorize/postMessageInterface.ts
index 6e858b8637..7c4859bebf 100644
--- a/src/frontend/src/flows/authorize/postMessageInterface.ts
+++ b/src/frontend/src/flows/authorize/postMessageInterface.ts
@@ -131,6 +131,11 @@ const waitForRequest = (): Promise<{
 }> => {
 return new Promise((resolve) => {
 const messageEventHandler = (evnt: MessageEvent) => {
+ if (evnt.origin === window.location.origin) {
+ // Ignore messages from own origin (e.g. from browser extensions)
+ console.warn("Ignoring message from own origin", evnt);
+ return;
+ }
 const message: unknown = evnt.data;
 const result = AuthRequest.safeParse(message);
diff --git a/src/frontend/src/flows/verifiableCredentials/postMessageInterface.ts b/src/frontend/src/flows/verifiableCredentials/postMessageInterface.ts
index e2a5c55ef0..871efeeb01 100644
--- a/src/frontend/src/flows/verifiableCredentials/postMessageInterface.ts
+++ b/src/frontend/src/flows/verifiableCredentials/postMessageInterface.ts
@@ -71,6 +71,11 @@ const waitForRequest = (): Promise<{
 }> => {
 return new Promise((resolve) => {
 const messageEventHandler = (evnt: MessageEvent) => {
+ if (evnt.origin === window.location.origin) {
+ // Ignore messages from own origin (e.g. from browser extensions)
+ console.warn("Ignoring message from own origin", evnt);
+ return;
+ }
 const message: unknown = evnt.data;
 const result = VcFlowRequest.safeParse(message);
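Review bot: The added guard passes the whole `MessageEvent` to `console.warn` for every same-origin message, here and in the identical hunk for `src/frontend/src/flows/authorize/postMessageInterface.ts`, so an extension that posts often will flood the console and the payload of a message the handler has just decided to ignore ends up in the log. The commit message says these messages warrant no error, so `console.debug("Ignoring message from own origin");` without the event, or no log at all, would fit better. The comparison only drops messages that were previously parsed, so it does not widen what the handler accepts; the comment could state that reasoning, e.g. `// II never posts to itself, so a same-origin message is never a valid request`. Both guards are copies, and a small shared helper would keep the two flows on one origin policy. `messageEventHandler` continues outside both hunks, so how `evnt.origin` is used after `safeParse` is not visible here.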