From 1a859c0f271e2944f266e39c28ff3e39448e14d3 Mon Sep 17 00:00:00 2001
From: Evan Carothers <evan.carothers@gmail.com>
Date: Wed, 26 Oct 2016 14:44:48 -0400
Subject: [PATCH] bugfix for origin detection in xdomain_cookie

---
 dev/xdomain_cookie.dev.js | 2 +-
 src/xdomain_cookie.js     | 2 +-
 src/xdomain_cookie.min.js | 2 +-
 3 files changed, 3 insertions(+), 3 deletions(-)

diff --git a/dev/xdomain_cookie.dev.js b/dev/xdomain_cookie.dev.js
index 783324a..868bf23 100644
--- a/dev/xdomain_cookie.dev.js
+++ b/dev/xdomain_cookie.dev.js
@@ -31,7 +31,7 @@
 			_log("_inbound_postmessage", event.origin, event.data);
 
 			var origin = event.origin || event.originalEvent.origin; // For Chrome, the origin property is in the event.originalEvent object.
-			if (origin !== iframe_path) return; //incoming message not from iframe
+			if (iframe_path.substr(0,origin.length) !== origin) return; //incoming message not from iframe
 			
 			if(typeof event.data !== 'string') return; //expected json string encoded payload
 			var data = null;
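Review bot: The prefix comparison on the added line accepts any `event.origin` that is a string prefix of `iframe_path`, not only the iframe's own origin: with an `iframe_path` of `https://cookies.example.com/xdc` a message from `https://cookies.example.co` (or any origin equal to a leading substring of the host) would pass, and an empty origin passes trivially because `substr(0, 0)` is `""`. Since a browser's `event.origin` is always `scheme://host[:port]` with no path, the check should at least require the match to end on a path boundary, e.g. `if (iframe_path.substr(0, origin.length) !== origin) return;` followed by `if (iframe_path.length > origin.length && iframe_path.charAt(origin.length) !== '/') return;` — or, more robustly, derive the expected origin from `iframe_path` once (an anchor element's `protocol` and `host` work in older browsers) and keep the original strict `!==` comparison. The same line appears in the `src/xdomain_cookie.js` hunk and is carried into the regenerated `src/xdomain_cookie.min.js`, so both need the corrected check. `_inbound_postmessage` begins and ends outside this hunk.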
diff --git a/src/xdomain_cookie.js b/src/xdomain_cookie.js
index 02407a9..ed1d702 100644
--- a/src/xdomain_cookie.js
+++ b/src/xdomain_cookie.js
@@ -33,7 +33,7 @@
 			_log("_inbound_postmessage", event.origin, event.data);
 
 			var origin = event.origin || event.originalEvent.origin; // For Chrome, the origin property is in the event.originalEvent object.
-			if (origin !== iframe_path) return; //incoming message not from iframe
+			if (iframe_path.substr(0,origin.length) !== origin) return; //incoming message not from iframe
 			
 			if(typeof event.data !== 'string') return; //expected json string encoded payload
 			var data = null;
diff --git a/src/xdomain_cookie.min.js b/src/xdomain_cookie.min.js
index efae502..c2aef9e 100644
--- a/src/xdomain_cookie.min.js
+++ b/src/xdomain_cookie.min.js
@@ -1,3 +1,3 @@
 /* Version 1.0.6 xdomain-cookies (http://contently.github.io/xdomain-cookies/) from Contently (https://github.com/contently) */
 
-!function(exports){"use strict";var xDomainCookie=function(iframe_path,namespace,xdomain_only,iframe_load_timeout_ms,secure_only,debug){function _log(){_debug&&(arguments[0]=":XDC_PAGE: "+arguments[0],console.log.apply(console,arguments))}function _inbound_postmessage(event){_log("_inbound_postmessage",event.origin,event.data);var origin=event.origin||event.originalEvent.origin;if(origin===iframe_path&&"string"==typeof event.data){var data=null;try{data=JSON.parse(event.data)}catch(e){}"object"!=typeof data||data instanceof Array||"msg_type"in data&&"xdsc_read"===data.msg_type&&"namespace"in data&&data.namespace===_namespace&&(_xdomain_cookie_data=data.cookies,_iframe_ready=!0,_fire_pending_callbacks())}}function _iframe_load_error_occured(){_log("_iframe_load_error_occured"),_iframe_load_error=!0,_fire_pending_callbacks()}function _on_iframe_ready_or_error(cb){_callbacks.push(cb),_fire_pending_callbacks()}function _fire_pending_callbacks(){if(_iframe_load_error||_iframe_ready)for(;_callbacks.length>0;)_callbacks.pop()(_iframe_load_error)}function _set_cookie_in_iframe(cookie_name,cookie_value,expires_days){var data={namespace:_namespace,msg_type:"xdsc_write",cookie_name:cookie_name,cookie_val:cookie_value,expires_days:expires_days,secure_only:_secure_only};_log("_set_cookie_in_iframe",data),document.getElementById("xdomain_cookie_"+_id).contentWindow.postMessage(JSON.stringify(data),iframe_path)}function _get_local_cookie(cookie_name){for(var name=cookie_name+"=",ca=document.cookie.split(";"),i=0;i<ca.length;i++){var c=ca[i].trim();if(0===c.indexOf(name))return decodeURIComponent(c.substring(name.length,c.length))}return""}function _set_local_cookie(cookie_name,cookie_value,expires_days){var d=new Date;d.setTime(d.getTime()+1e3*expires_days*60*60*24);var cookie_val=cookie_name+"="+cookie_value+"; expires="+d.toUTCString()+(_secure_only?";secure":"");_log("_set_local_cookie",cookie_val),document.cookie=cookie_val}function 
_set_xdomain_cookie_value(cookie_name,cookie_value,expires_days){return _iframe_ready||_iframe_load_error?(expires_days=expires_days||_default_expires_days,expires_days=null===cookie_value||void 0===cookie_value?-100:expires_days,_xdomain_only||_set_local_cookie(cookie_name,cookie_value,expires_days),_iframe_load_error||_set_cookie_in_iframe(cookie_name,cookie_value,expires_days),void(_xdomain_cookie_data[cookie_name]=cookie_value)):_callbacks.push(function(){_set_xdomain_cookie_value(cookie_name,cookie_value,expires_days)})}function _get_xdomain_cookie_value(cookie_name,callback,expires_days){function _cb(xdomain_success,cookie_val,callback){_log("_get_xdomain_cookie_value D",xdomain_success,cookie_val),_set_xdomain_cookie_value(cookie_name,cookie_val,expires_days),"function"==typeof callback&&callback(cookie_val)}if(expires_days=expires_days||_default_expires_days,_log("_get_xdomain_cookie_value A",cookie_name),!_xdomain_only){var _existing_local_cookie_val=_get_local_cookie(cookie_name);if(_existing_local_cookie_val)return _log("_get_xdomain_cookie_value B",_existing_local_cookie_val),_on_iframe_ready_or_error(function(is_err){_cb(!is_err,_existing_local_cookie_val)}),callback(_existing_local_cookie_val)}_on_iframe_ready_or_error(function(is_err){if(_log("_get_xdomain_cookie_value C",is_err),is_err)return _cb(!1,null,callback);var _current_cookie_val=cookie_name in _xdomain_cookie_data?_xdomain_cookie_data[cookie_name]:null;_cb(!is_err,_current_cookie_val,callback)})}"//"===iframe_path.substr(0,2)&&(iframe_path=("https:"===window.location.protocol?"https:":"http:")+iframe_path);var _namespace=namespace||"xdsc",_load_wait_ms=iframe_load_timeout_ms||6e3,_iframe_ready=!1,_iframe_load_error=!1,_callbacks=[],_xdomain_cookie_data={},_id=(new Date).getTime(),_default_expires_days=30,_xdomain_only=!!xdomain_only,_secure_only=!!secure_only,_debug=!!debug;window.addEventListener("message",_inbound_postmessage);var 
ifr=document.createElement("iframe");ifr.style.display="none",ifr.id="xdomain_cookie_"+_id;var data={namespace:_namespace,window_origin:window.location.origin,iframe_origin:iframe_path,debug:_debug};return ifr.src=iframe_path+"/xdomain_cookie.html#"+encodeURIComponent(JSON.stringify(data)),document.body.appendChild(ifr),_log("creating iframe",ifr.src),setTimeout(function(){_iframe_ready||_iframe_load_error_occured()},_load_wait_ms),{get:_get_xdomain_cookie_value,set:_set_xdomain_cookie_value}};exports.xDomainCookie=xDomainCookie}(this);
\ No newline at end of file
+!function(exports){"use strict";var xDomainCookie=function(iframe_path,namespace,xdomain_only,iframe_load_timeout_ms,secure_only,debug){function _log(){_debug&&(arguments[0]=":XDC_PAGE: "+arguments[0],console.log.apply(console,arguments))}function _inbound_postmessage(event){_log("_inbound_postmessage",event.origin,event.data);var origin=event.origin||event.originalEvent.origin;if(iframe_path.substr(0,origin.length)===origin&&"string"==typeof event.data){var data=null;try{data=JSON.parse(event.data)}catch(e){}"object"!=typeof data||data instanceof Array||"msg_type"in data&&"xdsc_read"===data.msg_type&&"namespace"in data&&data.namespace===_namespace&&(_xdomain_cookie_data=data.cookies,_iframe_ready=!0,_fire_pending_callbacks())}}function _iframe_load_error_occured(){_log("_iframe_load_error_occured"),_iframe_load_error=!0,_fire_pending_callbacks()}function _on_iframe_ready_or_error(cb){_callbacks.push(cb),_fire_pending_callbacks()}function _fire_pending_callbacks(){if(_iframe_load_error||_iframe_ready)for(;_callbacks.length>0;)_callbacks.pop()(_iframe_load_error)}function _set_cookie_in_iframe(cookie_name,cookie_value,expires_days){var data={namespace:_namespace,msg_type:"xdsc_write",cookie_name:cookie_name,cookie_val:cookie_value,expires_days:expires_days,secure_only:_secure_only};_log("_set_cookie_in_iframe",data),document.getElementById("xdomain_cookie_"+_id).contentWindow.postMessage(JSON.stringify(data),iframe_path)}function _get_local_cookie(cookie_name){for(var name=cookie_name+"=",ca=document.cookie.split(";"),i=0;i<ca.length;i++){var c=ca[i].trim();if(0===c.indexOf(name))return decodeURIComponent(c.substring(name.length,c.length))}return""}function _set_local_cookie(cookie_name,cookie_value,expires_days){var d=new Date;d.setTime(d.getTime()+1e3*expires_days*60*60*24);var cookie_val=cookie_name+"="+cookie_value+"; expires="+d.toUTCString()+(_secure_only?";secure":"");_log("_set_local_cookie",cookie_val),document.cookie=cookie_val}function 
_set_xdomain_cookie_value(cookie_name,cookie_value,expires_days){return _iframe_ready||_iframe_load_error?(expires_days=expires_days||_default_expires_days,expires_days=null===cookie_value||void 0===cookie_value?-100:expires_days,_xdomain_only||_set_local_cookie(cookie_name,cookie_value,expires_days),_iframe_load_error||_set_cookie_in_iframe(cookie_name,cookie_value,expires_days),void(_xdomain_cookie_data[cookie_name]=cookie_value)):_callbacks.push(function(){_set_xdomain_cookie_value(cookie_name,cookie_value,expires_days)})}function _get_xdomain_cookie_value(cookie_name,callback,expires_days){function _cb(xdomain_success,cookie_val,callback){_log("_get_xdomain_cookie_value D",xdomain_success,cookie_val),_set_xdomain_cookie_value(cookie_name,cookie_val,expires_days),"function"==typeof callback&&callback(cookie_val)}if(expires_days=expires_days||_default_expires_days,_log("_get_xdomain_cookie_value A",cookie_name),!_xdomain_only){var _existing_local_cookie_val=_get_local_cookie(cookie_name);if(_existing_local_cookie_val)return _log("_get_xdomain_cookie_value B",_existing_local_cookie_val),_on_iframe_ready_or_error(function(is_err){_cb(!is_err,_existing_local_cookie_val)}),callback(_existing_local_cookie_val)}_on_iframe_ready_or_error(function(is_err){if(_log("_get_xdomain_cookie_value C",is_err),is_err)return _cb(!1,null,callback);var _current_cookie_val=cookie_name in _xdomain_cookie_data?_xdomain_cookie_data[cookie_name]:null;_cb(!is_err,_current_cookie_val,callback)})}"//"===iframe_path.substr(0,2)&&(iframe_path=("https:"===window.location.protocol?"https:":"http:")+iframe_path);var _namespace=namespace||"xdsc",_load_wait_ms=iframe_load_timeout_ms||6e3,_iframe_ready=!1,_iframe_load_error=!1,_callbacks=[],_xdomain_cookie_data={},_id=(new Date).getTime(),_default_expires_days=30,_xdomain_only=!!xdomain_only,_secure_only=!!secure_only,_debug=!!debug;window.addEventListener("message",_inbound_postmessage);var 
ifr=document.createElement("iframe");ifr.style.display="none",ifr.id="xdomain_cookie_"+_id;var data={namespace:_namespace,window_origin:window.location.origin,iframe_origin:iframe_path,debug:_debug};return ifr.src=iframe_path+"/xdomain_cookie.html#"+encodeURIComponent(JSON.stringify(data)),document.body.appendChild(ifr),_log("creating iframe",ifr.src),setTimeout(function(){_iframe_ready||_iframe_load_error_occured()},_load_wait_ms),{get:_get_xdomain_cookie_value,set:_set_xdomain_cookie_value}};exports.xDomainCookie=xDomainCookie}(this);
\ No newline at end of file