diff --git a/src/plugins/Dropbox/index.js b/src/plugins/Dropbox/index.js index 992c89a54..d9c866d0b 100644 --- a/src/plugins/Dropbox/index.js +++ b/src/plugins/Dropbox/index.js @@ -35,6 +35,7 @@ module.exports = class Dropbox extends Plugin { // merge default options with the ones set by user this.opts = Object.assign({}, defaultOptions, opts) + this.opts.hostPattern = opts.hostPattern || opts.host } install () { diff --git a/src/plugins/GoogleDrive/index.js b/src/plugins/GoogleDrive/index.js index 30ed4a800..590075f20 100644 --- a/src/plugins/GoogleDrive/index.js +++ b/src/plugins/GoogleDrive/index.js @@ -30,6 +30,7 @@ module.exports = class GoogleDrive extends Plugin { // merge default options with the ones set by user this.opts = Object.assign({}, defaultOptions, opts) + this.opts.hostPattern = opts.hostPattern || opts.host } install () { diff --git a/src/plugins/Instagram/index.js b/src/plugins/Instagram/index.js index 71dc23f94..c4fc5722d 100644 --- a/src/plugins/Instagram/index.js +++ b/src/plugins/Instagram/index.js @@ -33,6 +33,7 @@ module.exports = class Instagram extends Plugin { // merge default options with the ones set by user this.opts = Object.assign({}, defaultOptions, opts) + this.opts.hostPattern = opts.hostPattern || opts.host } install () { diff --git a/src/views/ProviderView/index.js b/src/views/ProviderView/index.js index e8450e122..7cb593a0c 100644 --- a/src/views/ProviderView/index.js +++ b/src/views/ProviderView/index.js @@ -453,7 +453,9 @@ module.exports = class ProviderView { const authWindow = window.open(link, '_blank') const noProtocol = (url) => url.replace(/^(https?:|)\/\//, '') const handleToken = (e) => { - if (noProtocol(e.origin) !== noProtocol(this.plugin.opts.host) || e.source !== authWindow) { + const allowedOrigin = new RegExp(noProtocol(this.plugin.opts.hostPattern)) + if (!allowedOrigin.test(noProtocol(e.origin)) || e.source !== authWindow) { + console.log(`rejecting event from ${e.origin} vs allowed pattern ${this.plugin.opts.hostPattern}`) return } authWindow.close()