blob: 78c8c18466ed45b409edf953210af51fbf2a0747 (
plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
|
def main(request, response):
origin = request.GET.first(b"origin");
value = request.GET.first(b"value");
# This is used to solve the race condition we have for postMessages
shouldSucceed = request.GET.first(b"loadShouldSucceed", b"false");
return ([(b"Content-Type", b"text/html")],
b"""<!DOCTYPE html>
<title>XFO.</title>
<body>
<script>
var gotMessage = false;
window.addEventListener("message", e => {
gotMessage = true;
window.parent.postMessage(e.data, "*");
});
var i = document.createElement("iframe");
i.src = "%s/x-frame-options/support/xfo.py?value=%s";
i.onload = _ => {
// Why two rAFs? Because that seems to be enough to stop the
// load event from racing with the onmessage event.
requestAnimationFrame(_ => {
requestAnimationFrame(_ => {
// The race condition problem we have is it is possible
// that the sub iframe is loaded before the postMessage is
// dispatched, as a result, the "Failed" message is sent
// out. So the way we fixed is we simply let the timeout
// to happen if we expect the "Loaded" postMessage to be
// sent
if (!gotMessage && %s != true) {
window.parent.postMessage("Failed", "*");
}
});
});
};
document.body.appendChild(i);
</script>
""" % (origin, value, shouldSucceed))
|