Merge branch 'master' into fix-hasAttribute-error

yusufali2205 · web-flow · commit 31b801dea70d · 2019-10-10T13:50:09.000-05:00
diff --git a/CHANGELOG.md b/CHANGELOG.md
@@ -1,5 +1,8 @@
 Next Release
 -------------
+1.8.0
+------
+* Remove activeACL set by referrer, as it breaks if you have your own URL in the ACL list
 
 1.7.3
 ------
diff --git a/CONTRIBUTORS.md b/CONTRIBUTORS.md
@@ -9,6 +9,7 @@ Cerner Corporation
 - Sam Milligan [@grneggandsam]
 - Supriti Yeotikar [@supritiy]
 - Cody Price [@dev-cprice]
+- Roxanne Calderon [@foxannefoxanne]
 - Yusuf Ali [@yusufali2205]
 
 [@mhemesath]: https://github.com/mhemesath
@@ -20,4 +21,5 @@ Cerner Corporation
 [@grneggandsam]: https://github.com/grneggandsam
 [@supritiy]: https://github.com/supriticerner
 [@dev-cprice]: https://github.com/dev-cprice
+[@foxannefoxanne]: https://github.com/foxannefoxanne
 [@yusufali2205]: https://github.com/yusufali2205
diff --git a/package-lock.json b/package-lock.json
diff --git a/package.json b/package.json
@@ -1,6 +1,6 @@
 {
   "name": "xfc",
-  "version": "1.7.3",
+  "version": "1.8.0",
   "description": "A Cross Frame Container that handles securely embedding web content into a 3rd party domain",
   "author": "Cerner Corporation",
   "license": "Apache-2.0",
diff --git a/src/provider/application.js b/src/provider/application.js
@@ -33,13 +33,6 @@ class Application extends EventEmitter {
     // Resize for slow loading images
     document.addEventListener('load', this.imageRequestResize.bind(this), true);
 
-    // If the document referer (parent frame) origin is trusted, default that
-    // to the active ACL;
-    const parentOrigin = new URI(document.referrer).origin;
-    if (this.acls.includes(parentOrigin)) {
-      this.activeACL = parentOrigin;
-    }
-
     const self = this;
     this.JSONRPC = new JSONRPC(
       self.send.bind(self),
diff --git a/test/application.js b/test/application.js
@@ -25,23 +25,6 @@ describe('Application', () => {
     application.init({acls, secret, onReady});
     global.document = oldDocument;
 
-    it ("sets activeACL to document referrer if in ACL", () => {
-      expect(application.activeACL).to.eq(acls[0]);
-    });
-
-    it ("doesn't set activeACL to document referrer if not in ACL", () => {
-      const insecureApp = new Application();
-      global.document = {
-        referrer: 'http://evilsite.com',
-        createElement: document.createElement.bind(document),
-        addEventListener: () => console.log('mock addEventListener')
-      };
-      insecureApp.init({acls, secret, onReady});
-      global.document = oldDocument;
-
-      expect(insecureApp.activeACL).to.equal(undefined);
-    });
-
     it("sets application's acls to the given acls", () => {
       expect(application.acls).to.eql(acls);
     });

-Original file line number
+Diff line change
@@ @@ -1,5 +1,8 @@ @@
 Next Release
 -------------
 +1.8.0
 +------
 +* Remove activeACL set by referrer, as it breaks if you have your own URL in the ACL list
 .7.3
 ------
Original file line number	Diff line number	Diff line change
`@@ -1,6 +1,6 @@`
`1`	`1`	`{`
`2`	`2`	`"name": "xfc",`
`3`		`- "version": "1.7.3",`
	`3`	`+ "version": "1.8.0",`
`4`	`4`	`"description": "A Cross Frame Container that handles securely embedding web content into a 3rd party domain",`
`5`	`5`	`"author": "Cerner Corporation",`
`6`	`6`	`"license": "Apache-2.0",`