Skip to content

feat: enforce https when using postMessage#7307

Draft
Danziger wants to merge 3 commits intodevelopfrom
feat/remove-origin-defaults-when-possible
Draft

feat: enforce https when using postMessage#7307
Danziger wants to merge 3 commits intodevelopfrom
feat/remove-origin-defaults-when-possible

Conversation

@Danziger
Copy link
Copy Markdown
Contributor

@Danziger Danziger commented Apr 10, 2026
edited
Loading

Summary

To Test

  1. <> Open the page about
  • <<What to expect?>> Verify it contains about information...
  • Checkbox Style list of things a QA person could verify, i.e.
  • Should display Text Input our storybook
  • Input should not accept Numbers
  1. <> ...

Background

Optional: Give background information for changes you've made, that might be difficult to explain via comments

@vercel
Copy link
Copy Markdown

vercel bot commented Apr 10, 2026
edited
Loading

The latest updates on your projects. Learn more about Vercel for GitHub.

Project Deployment Actions Updated (UTC)
cowfi Ready Ready Preview Apr 13, 2026 8:21am
explorer-dev Ready Ready Preview Apr 13, 2026 8:21am
swap-dev Ready Ready Preview Apr 13, 2026 8:21am
widget-configurator Ready Ready Preview Apr 13, 2026 8:21am
2 Skipped Deployments
Project Deployment Actions Updated (UTC)
cosmos Ignored Ignored Apr 13, 2026 8:21am
sdk-tools Ignored Ignored Preview Apr 13, 2026 8:21am

Request Review

@coderabbitai
Copy link
Copy Markdown
Contributor

coderabbitai bot commented Apr 10, 2026
edited
Loading

Important

Review skipped

Draft detected.

Please check the settings in the CodeRabbit UI or the .coderabbit.yaml file in this repository. To trigger a single review, invoke the @coderabbitai review command.

⚙️ Run configuration

Configuration used: Repository UI

Review profile: CHILL

Plan: Pro

Run ID: 2aaa67ba-661e-499d-9c51-c4301b7865c2

You can disable this status message by setting the reviews.review_status to false in the CodeRabbit configuration file.

Use the checkbox below for a quick retry:

  • 🔍 Trigger review
✨ Finishing Touches
🧪 Generate unit tests (beta)
  • Create PR with unit tests
  • Commit unit tests in branch feat/remove-origin-defaults-when-possible

Thanks for using CodeRabbit! It's free for OSS, and your support helps us grow. If you like it, consider giving us a shout-out.

❤️ Share

Comment @coderabbitai help to get the list of available commands and usage tips.

Danziger
Danziger commented Apr 13, 2026
View reviewed changes
Comment thread libs/iframe-transport/src/IframeTransport.ts
}

contentWindow.postMessage(postPayload, targetOrigin)
// Old versions of the widget will still have '*' as target origin, so we fallback to the default origin. Integrations using a custom `baseUrl` will break.
Copy link
Copy Markdown
Contributor Author

@Danziger Danziger Apr 13, 2026

Choose a reason for hiding this comment

The reason will be displayed to describe this comment to others. Learn more.

Here we DO need the fallback for backwards compatibility.

Base automatically changed from chore/main-to-develop to develop April 13, 2026 08:21
An error occurred while trying to automatically change base from chore/main-to-develop to develop April 13, 2026 08:21
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment

Reviewers

No reviews

Assignees

No one assigned

Labels

None yet

Projects

None yet

Milestone

No milestone

Development

Successfully merging this pull request may close these issues.

1 participant

@Danziger