fix: Add missing origin parameter to PostMessageTransport default constructor, verify origins in example sandbox proxy #207
Merged: +56 −6
App.connect() now passes window.parent as both eventTarget and eventSource, enabling source validation by default. This ensures apps only accept messages from their parent window, preventing potential cross-app message spoofing attacks. Previously, the default transport only specified the target but not the source for validation, meaning apps would accept messages from ANY window.
The sandbox proxy now validates that messages from the parent window come from the expected host origin (derived from document.referrer). This prevents malicious pages from sending spoofed messages to the sandbox. Changes: - Extract EXPECTED_HOST_ORIGIN from document.referrer - Validate event.origin against expected origin for parent messages - Use specific origin instead of '*' when sending to parent - Reject and log messages from unexpected origins This addresses the TODO comment that was previously in the code.
5165379 to e43afcd
Use Promise.allSettled instead of Promise.all when connecting to servers, so that a single server failure doesn't crash the entire UI. Failed connections are logged as warnings but the UI continues with the servers that connected successfully. Also fixes video-resource-server missing server-utils.ts. 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
e43afcd to 1cc0e16
antonpk1 approved these changes Jan 7, 2026
ochafik added a commit that referenced this pull request Jan 7, 2026
Adds tests for the attack vector where a malicious app tries to inject messages into another app via: window.parent.parent.frames[i].frames[0].postMessage(fakeResponse, "*") The protection (added in PR #207) is that PostMessageTransport validates event.source matches the expected source (window.parent for apps), so messages from other apps are rejected. Tests added: 1. "app rejects messages from sources other than its parent" - Simulates injection attempt from page context - Verifies app remains functional after attack attempt 2. "PostMessageTransport is configured with source validation" - Verifies valid parent->app communication still works - Confirms source validation doesn't break legitimate messages 🤖 Generated with [Claude Code](https://claude.com/claude-code) Co-Authored-By: Claude <noreply@anthropic.com>
ochafik added a commit that referenced this pull request Jan 9, 2026
Merge latest changes from main including: - Vue, Svelte, Preact, and Solid basic server examples (#141) - safeAreaInsets support (#202) - E2E test fixes (#206) - npm publishing for examples (#184) - ui.resourceUri optional (#210) - Method names as consts (#192) - toolInfo.id optional (#216) - PostMessageTransport security fixes (#207, #208) - Server-utils.ts refactoring
Summary
Fixes a security issue where the default PostMessageTransport constructor was not passing the expected origin parameter, potentially allowing messages from unexpected origins.
Problem
When App.connect() is called without arguments, it creates a default PostMessageTransport(window.parent) but was missing the origin validation parameter. This could allow message spoofing from other iframes or windows.
Fix
Pass the correct origin parameter to ensure messages are validated against the expected sandbox proxy origin.
Test plan
🤖 Generated with Claude Code
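The two checks this PR and its commit messages describe (reject any message whose event.source is not the expected window, and any whose event.origin is not the expected origin, with the sandbox proxy deriving its expected host origin from document.referrer), as an added example that is not code from this PR or the project. makeTransport, expectedOriginFromReferrer, demo, the fake window objects and the sample events are constructed for this illustration; it runs under Node without a browser.

```javascript
// makeTransport and the fake windows are constructed for this example; the
// checks mirror those in PR #207 (source = window.parent, origin = expected).
// Sandbox-proxy side: derive the expected host origin from document.referrer.
// Refuse an empty referrer rather than silently accept any origin.
function expectedOriginFromReferrer(referrer) {
  if (!referrer) throw new Error("no referrer: cannot derive expected host origin");
  return new URL(referrer).origin;
}

// eventSource: the only window whose messages are accepted (null = any window,
// the pre-fix default). expectedOrigin: the only event.origin accepted.
function makeTransport({ eventSource, expectedOrigin, onMessage }) {
  const rejected = [];
  function handleEvent(event) {
    if (eventSource && event.source !== eventSource) {
      rejected.push({ reason: "source", origin: event.origin });
      return false;
    }
    if (event.origin !== expectedOrigin) {
      rejected.push({ reason: "origin", origin: event.origin });
      return false;
    }
    onMessage(event.data);
    return true;
  }
  return { handleEvent, rejected };
}

// Constructed scenario: an app whose parent is the sandbox proxy, plus a sibling
// app on the same sandbox origin that reaches the app's window via
// window.parent.parent.frames[...] and posts a forged response. With
// withSourceCheck=false the transport behaves like the pre-fix default.
function demo({ withSourceCheck }) {
  const sandboxOrigin = "https://sandbox.example";  // constructed value
  const parentWin = { name: "sandbox-proxy" };      // stand-in for window.parent
  const siblingWin = { name: "other-app" };         // stand-in for another app
  const delivered = [];
  const t = makeTransport({
    eventSource: withSourceCheck ? parentWin : null,
    expectedOrigin: sandboxOrigin,
    onMessage: (d) => delivered.push(d),
  });
  const events = [
    { source: parentWin, origin: sandboxOrigin, data: { id: 1, result: "ok" } },
    { source: siblingWin, origin: sandboxOrigin, data: { id: 1, result: "forged" } },
    { source: parentWin, origin: "https://evil.example", data: { id: 2 } },
  ];
  return { accepted: events.map((e) => t.handleEvent(e)), delivered, rejected: t.rejected };
}
```

With the source check off, the forged response from the sibling window is delivered because it shares the sandbox origin; only the source check stops it, which is why the origin parameter alone was not enough.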