From bff7e8fd5bc0f7801a0b6f73f3a30b03147fb331 Mon Sep 17 00:00:00 2001
From: Chris Beer
Date: Thu, 19 Dec 2024 14:46:02 -0800
Subject: [PATCH] URL-encoding access token service source url; fixes #3902
---
 __tests__/src/components/AccessTokenSender.test.js | 2 +-
 src/components/AccessTokenSender.js | 6 +++++-
 2 files changed, 6 insertions(+), 2 deletions(-)
diff --git a/__tests__/src/components/AccessTokenSender.test.js b/__tests__/src/components/AccessTokenSender.test.js
index 377f379cb7..a0cb575f78 100644
--- a/__tests__/src/components/AccessTokenSender.test.js
+++ b/__tests__/src/components/AccessTokenSender.test.js
@@ -22,7 +22,7 @@ describe('AccessTokenSender', () => {
 it('renders properly', () => {
 const { container } = createWrapper({ url: 'http://example.com' });
- expect(container.querySelector('iframe')).toHaveAttribute('src', 'http://example.com?origin=http://localhost&messageId=http://example.com'); // eslint-disable-line testing-library/no-node-access, testing-library/no-container
+ expect(container.querySelector('iframe')).toHaveAttribute('src', 'http://example.com/?origin=http%3A%2F%2Flocalhost&messageId=http%3A%2F%2Fexample.com'); // eslint-disable-line testing-library/no-node-access, testing-library/no-container
 });
 it('triggers an action when the iframe sends a message', () => {
diff --git a/src/components/AccessTokenSender.js b/src/components/AccessTokenSender.js
index c6580aa1a0..ade30b8c17 100644
--- a/src/components/AccessTokenSender.js
+++ b/src/components/AccessTokenSender.js
@@ -12,13 +12,17 @@ export function AccessTokenSender({ handleAccessTokenMessage, url = undefined })
 if (!url) return null;
+ const src = new URL(url);
+ src.searchParams.append('origin', window.origin);
+ src.searchParams.append('messageId', url);
+ /** login, clickthrough/kiosk open @id, wait for close external, no-op */ return (
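Review bot: The updated `renders properly` assertion in AccessTokenSender.test.js still renders only a bare `http://example.com`. It pins the percent-encoding of `origin` and `messageId`, but not a token service URL that already carries its own query string, which is presumably the case where the old `?origin=…` concatenation produced a malformed `src`. A second case would cover that, for example (constructed sample) `createWrapper({ url: 'http://example.com/token?x=1' })` expecting `http://example.com/token?x=1&origin=http%3A%2F%2Flocalhost&messageId=http%3A%2F%2Fexample.com%2Ftoken%3Fx%3D1`. Since the component now calls `new URL(url)` during render, a test that fixes the intended behaviour for a relative or malformed `url` would also be worth adding, because `new URL()` throws on such values.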