Verify that the post message source origin us https://tails.boum.org

729440c5 · Uzair Farooq · 597e28a9 · 729440c5
Commit 729440c5 authored Nov 22, 2017 by Uzair Farooq
Hide whitespace changes
Inline Side-by-side

Showing with 1 addition and 1 deletion

wiki/src/install/inc/js/dave_2.js wiki/src/install/inc/js/dave_2.js +1 -1

No files found.
--- a/wiki/src/install/inc/js/dave_2.js
+++ b/wiki/src/install/inc/js/dave_2.js
@@ -3,7 +3,7 @@ document.addEventListener("DOMContentLoaded", function() {
  window.addEventListener("message", receiveMessage);

  function receiveMessage(event) {
-    if (event.source !== window || !event.data) {
+    if (event.source !== window || event.origin !== "https://tails.boum.org" || !event.data) {
      return;
    }
    if (event.data.action === "verifying") {