Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

Check for cross-origin rather than cross-domain when enabling synthetic devicemotion events. #271

Closed
wmatyjewicz opened this issue Jul 1, 2017 · 3 comments
Closed

Check for cross-origin rather than cross-domain when enabling synthetic devicemotion events. #271

wmatyjewicz opened this issue Jul 1, 2017 · 3 comments
Labels
iOS

Comments

@wmatyjewicz
Copy link

Listening to synthetic devicemotion events is currently enabled on iOS when polyfill is used a inside cross-domain but iOS blocks devicemotion events for cross-origin iframes, where protocol, domain and port are taken into consideration.

Util.isInsideCrossDomainIFrame could be changed into Util.isInsideCrossOriginIFrame in the following way:

Util.isInsideCrossOriginIFrame = function() {
  var isFramed = (window.self !== window.top);
  var refOrigin = Util.getOriginFromUrl(document.referrer);
  var thisOrigin = Util.getOriginFromUrl(window.location.href);

  return isFramed && (refOrigin !== thisOrigin);
};

Util.getOriginFromUrl = function(url) {
  var domainIdx;
  var protoSepIdx = url.indexOf("://");
  if (protoSepIdx !== -1) {
    domainIdx = protoSepIdx + 3;
  } else {
    domainIdx = 0;
  }
  var domainEndIdx = url.indexOf('/', domainIdx);
  if (domainEndIdx === -1) {
    domainEndIdx = url.length;
  }
  return url.substring(0, domainEndIdx);
};
@cvan
Copy link
Contributor

cvan commented Sep 6, 2017

thanks for filing. this is useful information.

couldn't you instead replace all this with window.self !== window.top && window.top.origin !== window.self.origin?

btw, if you need to keep the other code, Util.getOriginFromUrl could be replaced with this:

Util.getOriginFromUrl = function (url) { return new URL(url).origin; };

or to support older browsers:

var a = document.createElement('a');
Util.getOriginFromUrl = function (url) { a.href = url; return a.origin; };

@cvan cvan added the iOS label Sep 6, 2017
@brianchirls
Copy link
Contributor

It may also be useful to check document.domain. If the iframe has a sandbox attribute without the allow-same-origin permission, it will have a "null origin" and document.domain will be an empty string. Not clear if that's necessary though.

@brianchirls brianchirls mentioned this issue Nov 9, 2017
Closed
jsantell added a commit to immersive-web/cardboard-vr-display that referenced this issue Dec 29, 2017
@jsantell
Detect for cross-origin, not just cross-domain, iframes when on iOS. F…
3e2abe5 
…ixes immersive-web/webvr-polyfill#271
@jsantell jsantell mentioned this issue Dec 29, 2017
Merged
@jsantell
Copy link
Contributor

Fixed in 71eb215 in 0.10.1

@jsantell jsantell mentioned this issue Dec 29, 2017
Closed
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
iOS
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
4 participants
@cvan @brianchirls @jsantell @wmatyjewicz