Prevent uncaught SecurityError in extensionHostFrame (!5552) · Merge requests · Administrator / sourcegraph

Administrator requested to merge extension-host-frame-xorigin into master Sep 12, 2019

Created by: lguychard

When the integration assets are self-hosted by the code host, accessing window.parent.SOURCEGRAPH_ASSETS_URL is not an issue. However, when fetching extensionHostFrame from the sourcegraph instance, window.parent is cross-origin, and accessing it will throw a SecurityError.

Prevent uncaught SecurityError in extensionHostFrame

Merge request reports