From b8f189f2a5ea0e23f023ada9959439a1f8ce48cc Mon Sep 17 00:00:00 2001
From: Henric Malmberg
Date: Sun, 4 Feb 2018 13:00:38 +0100
Subject: [PATCH] do not use window.history if inside iframe (#3437)

* do not use window.history if inside iframe
* Move security related test cases into a its own file.
* Removes the unused renderScript function
* Add a nerv example. (#3573)
* Add a nerv example.
* Fix for indentation/style
* Fix for name
* warn user about browser history if next.js used in iframe
---
 lib/router/router.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/lib/router/router.js b/lib/router/router.js
index f03107bf..8eedd6ad 100644
--- a/lib/router/router.js
+++ b/lib/router/router.js
@@ -4,7 +4,7 @@ import { parse, format } from 'url'
 import EventEmitter from '../EventEmitter'
 import shallowEquals from '../shallow-equals'
 import PQueue from '../p-queue'
-import { loadGetInitialProps, getURL } from '../utils'
+import { loadGetInitialProps, getURL, warn, execOnce } from '../utils'
 import { _notifyBuildIdMismatch, _rewriteUrlForNextExport } from './'

 export default class Router {
@@ -185,7 +185,9 @@ export default class Router {
 }

 changeState (method, url, as, options = {}) {
- if (method !== 'pushState' || getURL() !== as) {
+ if (window.frameElement) {
+ execOnce(warn)(`Warning: You're using Next.js inside an iFrame. Browser history is disabled.`)
+ } else if (method !== 'pushState' || getURL() !== as) {
 window.history[method]({ url, as, options }, null, as)
 }
 }
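Review bot: In `changeState`, the new `if (window.frameElement)` guard only matches same-origin embedding, because `frameElement` is `null` when the parent document is cross-origin, so a page framed by another origin still falls through to `window.history[method](...)`. If the intent is to skip history for any framed context, `window.self !== window.top` covers both cases; if only same-origin framing is meant, a comment such as `// frameElement is null for cross-origin parents; history stays enabled there` would record that. Separately, `execOnce(warn)(...)` builds a new wrapper on every call, so unless `execOnce` memoises per function (its definition is not visible here) the warning prints on each navigation; hoisting `const warnFramed = execOnce(warn)` to module scope and calling `warnFramed(...)` would make it fire once. The framed branch also returns without updating the URL, so it is worth confirming that callers of `changeState` do not assume the address bar changed; the `Router` class body continues outside the hunk.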