mirror of
https://github.com/kevinveenbirkenbach/computer-playbook.git
synced 2025-08-27 05:55:15 +02:00
- Improved OIDC variable definitions (12_oidc.yml) - Added account/security/profile URLs - Restructured web-app-desktop tasks and JS handling - Introduced oidc.js and iframe.js with runtime loader - Fixed nginx.conf, LDAP, and healthcheck templates spacing - Improved Lua injection for CSP and snippets - Fixed typos (WordPress, receive, etc.) - Added silent-check-sso nginx location Conversation: https://chatgpt.com/share/68ae0060-4fac-800f-9f02-22592a4087d3
31 lines
985 B
Django/Jinja
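// Keeps the ?iframe= query parameter of the embedding page in sync with the
// location that an embedded page reports via postMessage.
//
// Everything in event.data is attacker-influenced until the checks below pass:
// any window that holds a reference to this one can post a message to it.
// NOTE(review): whatever later reads ?iframe= (not visible in this file) must
// validate the value again, because a user can edit the query string directly.
window.addEventListener("message", function (event) {
  const allowedSuffix = ".{{ PRIMARY_DOMAIN }}";
  const origin = event.origin;

  // 1. Only allow messages from *.{{ PRIMARY_DOMAIN }}.
  //    event.origin is serialized as "scheme://host[:port]", so this suffix
  //    match fails closed for senders on a non-default port. It does not
  //    constrain the scheme, and it trusts every host under the domain.
  //    NOTE(review): on an HTTPS-only deployment, consider also requiring
  //    an "https://" prefix here.
  if (typeof origin !== "string" || !origin.endsWith(allowedSuffix)) return;

  const data = event.data;

  // 2. Only process valid iframeLocationChange messages.
  if (!data || data.type !== "iframeLocationChange" || typeof data.href !== "string") {
    return;
  }

  try {
    const hrefUrl = new URL(data.href);

    // 3a. Only accept web URLs. The hostname check below says nothing about
    //     the scheme, and non-web schemes can also carry a hostname, so the
    //     scheme has to be pinned separately.
    if (hrefUrl.protocol !== "https:" && hrefUrl.protocol !== "http:") return;

    // 3b. Only allow targets on *.{{ PRIMARY_DOMAIN }}.
    if (!hrefUrl.hostname.endsWith(allowedSuffix)) return;

    // 4. Update the ?iframe= parameter in the browser URL without navigating
    //    or adding a history entry. searchParams.set() percent-encodes the
    //    value, so the reported URL cannot add further query parameters.
    const newUrl = new URL(window.location);
    newUrl.searchParams.set("iframe", hrefUrl.href);
    window.history.replaceState({}, "", newUrl);
  } catch (e) {
    // Invalid or malformed URL – ignore. Dropping the message is the safe
    // outcome: the address bar simply keeps its previous value.
  }
});

{% if MODE_DEBUG | bool %}
console.log("[iframe-sync] Listener for iframe messages is active.");
{% endif %}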