kinja.js (1740B)
1 /* This Source Code Form is subject to the terms of the Mozilla Public 2 * License, v. 2.0. If a copy of the MPL was not distributed with this 3 * file, You can obtain one at http://mozilla.org/MPL/2.0/. */ 4 5 /* globals exportFunction */ 6 7 "use strict"; 8 9 /** 10 * Kinja powered blogs rely on storage access to https://kinja.com to enable 11 * oauth with external providers. For dFPI, sites need to use the Storage Access 12 * API to gain first party storage access. This shim calls requestStorageAccess 13 * on behalf of the site when a user wants to log in via oauth. 14 */ 15 16 // Third-party origin we need to request storage access for. 17 const STORAGE_ACCESS_ORIGIN = "https://kinja.com"; 18 19 // Prefix of the path opened in a new window when users click the oauth login 20 // buttons. 21 const OAUTH_PATH_PREFIX = "/oauthlogin?provider="; 22 23 console.warn( 24 `When using oauth, Firefox calls the Storage Access API on behalf of the site. See https://bugzilla.mozilla.org/show_bug.cgi?id=1656171 for details.` 25 ); 26 27 // Overwrite the window.open method so we can detect oauth related popups. 28 const origOpen = window.wrappedJSObject.open; 29 Object.defineProperty(window.wrappedJSObject, "open", { 30 value: exportFunction((url, ...args) => { 31 // Filter oauth popups. 32 if (!url.startsWith(OAUTH_PATH_PREFIX)) { 33 return origOpen(url, ...args); 34 } 35 // Request storage access for Kinja. 36 document.requestStorageAccessForOrigin(STORAGE_ACCESS_ORIGIN).then(() => { 37 origOpen(url, ...args); 38 }); 39 // We don't have the window object yet which window.open returns, since the 40 // sign-in flow is dependent on the async storage access request. This isn't 41 // a problem as long as the website does not consume it. 42 return null; 43 }, window), 44 });