gpt4 book ai didi

javascript - OAuth弹窗跨域安全React.js

转载 作者:行者123 更新时间:2023-12-03 13:17:47 24 4
gpt4 key购买 nike

我对如何使用弹出窗口 (window.open) 在 React 中实现 OAuth 感兴趣。

例如我有:

  1. mysite.com — 这是我打开弹出窗口的位置。
  2. passport.mysite.com/oauth/authorize — 弹出窗口。

主要问题是如何在window.open(弹出窗口)和window.opener之间创建连接(众所周知,由于交叉,window.opener为空)域安全,因此我们不能再使用它)。

window.opener is removed whenever you navigate to a different host (for security reasons), there is no way around it. The only option should be doing the payment in a frame if it is possible. The top document needs to stay on the same host.

方案:

enter image description here

可能的解决方案:

  1. 使用描述的 setInterval 检查打开的窗口 here .
  2. 使用 cross-storage (恕我直言,不值得)。
<小时/>

那么 2019 年最推荐的方法是什么?

Wrapper for React - https://github.com/Ramshackle-Jamathon/react-oauth-popup

最佳答案

建议者Khanh TO 。带有 localStorage 的 OAuth 弹出窗口。基于react-oauth-popup .

方案:

enter image description here

代码:

oauth-popup.tsx:

import React, {PureComponent, ReactChild} from 'react'

type Props = {
width: number,
height: number,
url: string,
title: string,
onClose: () => any,
onCode: (params: any) => any,
children?: ReactChild,
}

export default class OauthPopup extends PureComponent<Props> {

static defaultProps = {
onClose: () => {},
width: 500,
height: 500,
url: "",
title: ""
};

externalWindow: any;
codeCheck: any;

componentWillUnmount() {
if (this.externalWindow) {
this.externalWindow.close();
}
}

createPopup = () => {
const {url, title, width, height, onCode} = this.props;
const left = window.screenX + (window.outerWidth - width) / 2;
const top = window.screenY + (window.outerHeight - height) / 2.5;

const windowFeatures = `toolbar=0,scrollbars=1,status=1,resizable=0,location=1,menuBar=0,width=${width},height=${height},top=${top},left=${left}`;

this.externalWindow = window.open(
url,
title,
windowFeatures
);

const storageListener = () => {
try {
if (localStorage.getItem('code')) {
onCode(localStorage.getItem('code'));
this.externalWindow.close();
window.removeEventListener('storage', storageListener);
}
} catch (e) {
window.removeEventListener('storage', storageListener);
}
}

window.addEventListener('storage', storageListener);

this.externalWindow.addEventListener('beforeunload', () => {
this.props.onClose()
}, false);
};

render() {
return (
<div onClick={this.createPopup)}>
{this.props.children}
</div>
);
}
}

app.tsx

import React, {FC} from 'react'

const onCode = async (): Promise<undefined> => {
try {
const res = await <your_fetch>
} catch (e) {
console.error(e);
} finally {
window.localStorage.removeItem('code'); //remove code from localStorage
}
}

const App: FC = () => (
<OAuthPopup
url={<your_url>}
onCode={onCode}
onClose={() => console.log('closed')}
title="<your_title>">
<button type="button">Enter</button>
</OAuthPopup>
);

export default App;

关于javascript - OAuth弹窗跨域安全React.js,我们在Stack Overflow上找到一个类似的问题: https://stackoverflow.com/questions/58732237/

24 4 0
Copyright 2021 - 2024 cfsdn All Rights Reserved 蜀ICP备2022000587号
广告合作:1813099741@qq.com 6ren.com