Better check of jitsi widget message origin.

2018-05-24 16:14:18 +01:00 · 2018-05-24 16:14:18 +01:00 · 9753ee8d82
parent a13d58f6c2
commit 9753ee8d82
1 changed files with 6 additions and 1 deletions
--- a/src/components/views/elements/AppTile.js
+++ b/src/components/views/elements/AppTile.js
@ -278,7 +278,12 @@ export default class AppTile extends React.Component {
            event.origin = event.originalEvent.origin;
        }

-        if (!this.state.widgetUrl.startsWith(event.origin)) {
+        const widgetUrlObj = url.parse(this.state.widgetUrl);
+        const eventOrigin = url.parse(event.origin);
+        if (
+            eventOrigin.protocol !== widgetUrlObj.protocol ||
+            eventOrigin.host !== widgetUrlObj.host
+        ) {
            return;
        }