fix(redirects): use window.top when doing redirects on the client-side

rauchg / slackin

Public Slack organizations made easy

http://rauchg.com/slackin/

MIT License

6.51k stars 1.35k forks source link

fix(redirects): use window.top when doing redirects on the client-side #158

Closed ahmadnassri closed 8 years ago

ahmadnassri commented 8 years ago

when the widget is used inside an iframe, location.href is not enough to trigger a redirect. top.location (and alias of window.top.location) will ensure the redirect is correctly triggered.

laughinghan commented 8 years ago

As discussed in #154, this actually isn't reliable, the page could have a Content-Security-Policy that disables top-level navigation by scripts in iframes; consider #154's more robust technique instead.

ahmadnassri commented 8 years ago

@laughinghan ah, i had this fixed on my fork for a while, and completely missed #154 ... (should have checked before opening this)

+1000 for postMessage, certainly a better approach.