import { getEnvValue } from '@/services/env-service.js'
function isIFrameReferrerWhitelisted() {
const whitelistedReferrers = getEnvValue('IFRAME_WHITELIST_URLS', '')
.split(',')
.map((domain) => domain.trim())
return whitelistedReferrers.some((domain) =>
document.referrer.includes(domain)
)
}
/**
* Checks if the current web page is being displayed inside an iframe or not.
* @returns
*/
function isIFramed() {
try {
return window.self !== window.top || window.top !== window.parent
} catch (err) {
return true // Assume iframed if security error
}
}
function isUnauthorizedIframe() {
if (isIFramed() && !isIFrameReferrerWhitelisted()) {
return true
} else {
return false
}
}
export default {
data() {
return {
isUnauthorizedIframe: isUnauthorizedIframe(),
}
},
created() {
if (isIFramed()) {
if (isIFrameReferrerWhitelisted()) {
console.info('Iframe referrer has been whitelisted:', document.referrer)
} else {
console.error(`Unauthorized referrer: ${document.referrer}`)
}
}
},
}
Source