kumi/django-oidc-provider
1
0
Fork 0
Code Issues Pull requests Packages Projects Releases Wiki Activity

Fixed infinite callback loop in check-session iframe

Browse source 
This commit fixes the JS callback defined in the check-session iframe which can produce infinite callback loops if the received message doesn't come from the relying
party. In that case another message is posted to the source of the message (which can be the OP itself) thus resulting in an infinite loop because "error" messages are
continuously generated by the callback function.
This commit is contained in:
Morgan Aubert 2018-03-28 10:34:01 -04:00
parent 582587f337
commit bdb2fdb8f5
No known key found for this signature in database
GPG key ID: C1B4CF7D5E7250BC
1 changed files with 4 additions and 0 deletions
Show stats Download patch file Download diff file Expand all files Collapse all files

4
oidc_provider/templates/oidc_provider/check_session_iframe.html
View file

@ -9,6 +9,10 @@
window.addEventListener("message", receiveMessage, false);
function receiveMessage(e) {
if (!e.data || typeof e.data != 'string' || e.data == 'error') {
return;
}
var status;
try {
var clientId = e.data.split(' ')[0];