Hide the crypto keys from the hash

2020-01-27 12:18:25 +01:00
parent e3f5c89333
commit 0ad96e0966
8 changed files with 251 additions and 46 deletions
--- a/www/common/sframe-app-outer.js
+++ b/www/common/sframe-app-outer.js
@@ -8,6 +8,7 @@ define([
 ], function (nThen, ApiConfig, DomReady, RequireConfig, SFCommonO) {
    var requireConfig = RequireConfig();

+    var hash, href;
    nThen(function (waitFor) {
        DomReady.onReady(waitFor());
    }).nThen(function (waitFor) {
@@ -18,6 +19,14 @@ define([
        };
        window.rc = requireConfig;
        window.apiconf = ApiConfig;
+
+        // Hidden hash
+        hash = window.location.hash;
+        href = window.location.href;
+        if (window.history && window.history.replaceState) {
+            window.history.replaceState({}, window.document.title, '#');
+        }
+
        document.getElementById('sbox-iframe').setAttribute('src',
            ApiConfig.httpSafeOrigin + window.location.pathname + 'inner.html?' +
                requireConfig.urlArgs + '#' + encodeURIComponent(JSON.stringify(req)));
@@ -36,6 +45,8 @@ define([
        window.addEventListener('message', onMsg);
    }).nThen(function (/*waitFor*/) {
        SFCommonO.start({
+            hash: hash,
+            href: href,
            useCreationScreen: true,
            messaging: true
        });