Adding a warning message if an unauthorized iFrame tries to communicate with WA

Closes #1241
2021-06-28 15:20:27 +02:00 · 2021-06-28 15:20:27 +02:00 · 3fd4f9d384
commit 3fd4f9d384
parent 0c5774a48f
1 changed files with 8 additions and 1 deletions
--- a/front/src/Api/IframeListener.ts
+++ b/front/src/Api/IframeListener.ts
@ -123,11 +123,18 @@ class IframeListener {
                }
            }

+            const payload = message.data;
+
            if (foundSrc === undefined) {
+                if (isIframeEventWrapper(payload)) {
+                    console.warn('It seems an iFrame is trying to communicate with WorkAdventure but was not explicitly granted the permission to do so. ' +
+                        'If you are looking to use the WorkAdventure Scripting API inside an iFrame, you should allow the ' +
+                        'iFrame to communicate with WorkAdventure by using the "openWebsiteAllowApi" property in your map (or passing "true" as a second' +
+                        'parameter to WA.nav.openCoWebSite())');
+                }
                return;
            }

-            const payload = message.data;
            if (isIframeEventWrapper(payload)) {
                if (payload.type === 'showLayer' && isLayerEvent(payload.data)) {
                    this._showLayerStream.next(payload.data);