holm/egroupware
1
1
Fork 0
forked from extern/egroupware
Code Issues Pull Requests Packages Projects Releases Wiki Activity

fix security exeception if opener is from a different security context eg. LTI opening in a new window

Browse Source
This commit is contained in:
Ralf Becker 2021-05-20 16:35:54 +02:00
parent b02936dddb
commit 450febb623
1 changed files with 13 additions and 11 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

24
api/js/jsapi/egw.js
View File

@ -238,18 +238,20 @@
gen_time_async.text(egw.lang('async includes took %1s', (end_time-start_time)/1000));
// Make sure opener knows when we close - start a heartbeat
if((popup || window.opener) && window.name != '')
{
// Timeout is 5 seconds, but it iks only applied(egw_utils) when something asks for the window list
window.setInterval(function() {
if (window.opener && window.opener.framework && typeof window.opener.framework.popup_idx(window) == 'undefined' && !egwIsMobile())
{
window.opener.framework.popups.push(window);
}
egw().storeWindow(this.egw_appName, this);
}, 2000);
try {
if ((popup || window.opener && window.opener.framework) && window.name != '') {
// Timeout is 5 seconds, but it iks only applied(egw_utils) when something asks for the window list
window.setInterval(function () {
if (window.opener && window.opener.framework && typeof window.opener.framework.popup_idx(window) == 'undefined' && !egwIsMobile()) {
window.opener.framework.popups.push(window);
}
egw().storeWindow(this.egw_appName, this);
}, 2000);
}
}
catch(e) {
// ignore SecurityError exception if opener is different security context / cross-origin
}
// instanciate app object
var appname = window.egw_appName;
if (app && typeof app[appname] != 'object' && typeof app.classes[appname] == 'function')