search

google / u2f-ref-code

U2F reference implementations
BSD 3-Clause "New" or "Revised" License
585 stars 182 forks source link

trampoline iframe for the build-in chrome extension_id seems not working #174

Closed emasean closed 5 years ago

emasean commented 6 years ago

we are getting the following javascript error:

Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('chrome-extension://kmendfapggjehodndflmmgagdbamhnfd') does not match the recipient window's origin ('null').

when using the build-in chrome extension_id, we suspect the following code was triggered inside u2f-api.js:

/**
 * Sets up an embedded trampoline iframe, sourced from the extension.
 * @param {function(MessagePort)} callback
 * @private
 */
u2f.getIframePort_ = function(callback) {
  // Create the iframe
  var iframeOrigin = 'chrome-extension://' + u2f.EXTENSION_ID;
  var iframe = document.createElement('iframe');
  iframe.src = iframeOrigin + '/u2f-comms.html';
  iframe.setAttribute('style', 'display:none');
  document.body.appendChild(iframe);

  var channel = new MessageChannel();
  var ready = function(message) {
    if (message.data == 'ready') {
      channel.port1.removeEventListener('message', ready);
      callback(channel.port1);
    } else {
      console.error('First event on iframe port was not "ready"');
    }
  };
  channel.port1.addEventListener('message', ready);
  channel.port1.start();

  iframe.addEventListener('load', function() {
    // Deliver the port to the iframe and initialize
    iframe.contentWindow.postMessage('init', iframeOrigin, [channel.port2]);
  });
};

this was triggered since the origin is not whitelisted, how can we avoid this to happen?

emasean commented 6 years ago

Just to clarify, when using Chrome extension's extension_id, our code works fine.

emasean commented 6 years ago

After some further checking it seems the iframe source of chrome-extension://kmendfapggjehodndflmmgagdbamhnfd/u2f-comms.html can not be found, therefore this generic javascript error of Failed to execute 'postMessage' on 'DOMWindow': The target origin provided ('chrome-extension://kmendfapggjehodndflmmgagdbamhnfd') does not match the recipient window's origin ('null')., on the other side, chrome-extension://pfboblefjcgdjicmnffhdgionmgcdmne/u2f-comms.html can be found which made the Chrome extension's extension_id work.

emasean commented 6 years ago

Just wonder if everyone is using the Chrome U2F extension and not the build-in extension ID? so avoiding this issue?

emasean commented 5 years ago

Seems working now on Chrome 69.0.3497.100...

OrizzoN7 commented 2 years ago

No1