[Bug]: Potential Infinite IFrame Creation When 'checkSessionIframe' Is undefined #1975

Open
arlllk opened this issue Jul 3, 2024 · 4 comments
@arlllk

arlllk commented Jul 3, 2024

Version

17.1.0+

Please provide a link to a minimal reproduction of the bug

No response

Please provide the exception or error you saw

When 'checkSessionIframe' is not present in the OpenID configuration, the library appears to create a recursive iframe structure (myiFrameForCheckSession). This results in the application repeatedly initializing itself within nested iframes.

Steps to reproduce the behavior

- Configure an OpenID Connect provider without specifying 'checkSessionIframe' in the '.well-known/openid-configuration'.
- Start the app.
- Observe the continuous creation of nested iframes.

A clear and concise description of what you expected to happen.

The library should handle cases where 'checkSessionIframe' is not defined gracefully, without creating an infinite loop of iframes.

Additional context

This issue appears to have been introduced with commit 367448f here. The change seems to have moved an 'if' expression that previously checked if 'checkSessionIframe' was undefined or null before setting the iframe location.

@ZeroZeroOne-dev

Bump. We're currently running into this issue.

@FabianGosebrink
Collaborator

Yep, nice catch. The if is truthy, but it is still running further also with a falsy checkSessionIframe. Will fix that after the weekend.

@FabianGosebrink
Collaborator

@arlllk Added an early return to prevent this case you mentioned. Does that fit your needs?

@arlllk
Author

arlllk commented Oct 17, 2024

Yes, that PR fixes the issue
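
The failure mode reported in this thread, as an added example that is not code from the issue or from the library. It assumes the check-session iframe is navigated with whatever value the discovery configuration supplies, and it goes slightly beyond the early return discussed above by also rejecting values that are not absolute http(s) URLs. `unguardedIframeTarget`, `checkSessionTarget` and the `example` hosts are hypothetical names.

```javascript
// Added illustration; function names and hosts are hypothetical.
const APP_BASE = 'https://app.example/'; // constructed sample app origin

// Models what a browser does with an unguarded value: DOM URL setters
// coerce the argument to a string and resolve it against the document's
// base URL. `undefined` therefore becomes the relative URL "undefined".
function unguardedIframeTarget(checkSessionIframe, baseUrl) {
  return new URL(String(checkSessionIframe), baseUrl).href;
}

// Guarded version: returns the URL to load, or null meaning
// "do not create or navigate the check-session iframe at all".
function checkSessionTarget(wellKnownEndpoints) {
  const raw = wellKnownEndpoints
    ? wellKnownEndpoints.checkSessionIframe
    : undefined;

  // Early return for undefined, null, non-string and empty values.
  if (typeof raw !== 'string' || raw.trim() === '') {
    return null;
  }

  // Without a base argument, `new URL` throws on relative input, so a
  // stray "undefined" string cannot fall back to the app's own origin.
  let url;
  try {
    url = new URL(raw);
  } catch {
    return null;
  }

  if (url.protocol !== 'https:' && url.protocol !== 'http:') {
    return null;
  }
  return url.href;
}

// Constructed sample inputs.
const missing = {}; // provider without checkSessionIframe
const present = { checkSessionIframe: 'https://idp.example/session/check' };

// Unguarded: the iframe ends up on the application's own origin, which an
// SPA with fallback routing answers with the app itself.
console.log(unguardedIframeTarget(missing.checkSessionIframe, APP_BASE));
console.log(checkSessionTarget(missing)); // guard: no iframe navigation
console.log(checkSessionTarget(present)); // guard: the provider's URL
```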
