External editors.

Simplify the "valid-origin" check for cross-iframe messages.
2015-04-27 13:51:28 -07:00 · 2015-04-27 13:51:28 -07:00 · f91c0e5ec3
--- a/www/ace/ace-main.ts
+++ b/www/ace/ace-main.ts
@ -9,11 +9,9 @@ module TDev {

    // ---------- Communication protocol

-    var allowedOrigins = {
-        "http://localhost:4242": null,
-        "https://www.touchdevelop.com": null,
-        "https://mbitmain.azurewebsites.net": null
-    };
+    function isAllowedOrigin(origin: string) {
+        return origin.indexOf((<any>document.location).origin) == 0;
+    }

    // Both of these are written once when we receive the first (trusted)
    // message.
@ -28,7 +26,7 @@ module TDev {
    var currentVersion: string;

    window.addEventListener("message", (event) => {
-        if (!(event.origin in allowedOrigins))
+        if (!isAllowedOrigin(event.origin))
            return;

        if (!outer || !origin) {
--- a/www/blockly/blockly-main.ts
+++ b/www/blockly/blockly-main.ts
@ -6,11 +6,9 @@ module TDev {

  // ---------- Communication protocol

-  var allowedOrigins: { [index: string]: any } = {
-    "http://localhost:4242": null,
-    "https://www.touchdevelop.com": null,
-    "https://mbitmain.azurewebsites.net": null
-  };
+  function isAllowedOrigin(origin: string) {
+      return origin.indexOf((<any>document.location).origin) == 0;
+  }

  var $ = (s: string) => document.querySelector(s);

@ -24,7 +22,7 @@ module TDev {
  var inMerge: boolean = false;

  window.addEventListener("message", (event) => {
-    if (!(event.origin in allowedOrigins)) {
+    if (!isAllowedOrigin(event.origin)) {
      console.error("[inner message] not from the right origin!", event.origin);
      return;
    }