OAuth popup cross-domain security React.js
Art*_*hur 12 javascript authorization oauth popup reactjs
I'm interested in how to implement OAuth in React using popup (window.open).
For example I have:
mysite.com— this is where I open the popup.passport.mysite.com/oauth/authorize— popup.
主要问题是如何在window.open(popup)和(popup)之间建立连接(window.opener众所周知,由于跨域安全性,window.opener为null,因此我们不能再使用它了)。
?
window.opener每当您导航到其他主机(出于安全原因)时,都将被删除,因此无法解决。如果可能的话,唯一的选择应该是在框架内付款。最上面的文档需要保留在同一主机上。
方案:
可能的解决方案:
那么,2019年推荐的最佳方法是什么?
React包装器-https: //github.com/Ramshackle-Jamathon/react-oauth-popup
TO Khanh建议。带有localStorage的OAuth弹出窗口。基于react-oauth-popup。
方案:
码:
oauth-popup.tsx:
import React, {PureComponent, ReactChild} from 'react'
type Props = {
width: number,
height: number,
url: string,
title: string,
onClose: () => any,
onCode: (params: any) => any,
children?: ReactChild,
}
export default class OauthPopup extends PureComponent<Props> {
static defaultProps = {
onClose: () => {},
width: 500,
height: 500,
url: "",
title: ""
};
externalWindow: any;
codeCheck: any;
componentWillUnmount() {
if (this.externalWindow) {
this.externalWindow.close();
}
}
createPopup = () => {
const {url, title, width, height, onCode} = this.props;
const left = window.screenX + (window.outerWidth - width) / 2;
const top = window.screenY + (window.outerHeight - height) / 2.5;
const windowFeatures = `toolbar=0,scrollbars=1,status=1,resizable=0,location=1,menuBar=0,width=${width},height=${height},top=${top},left=${left}`;
this.externalWindow = window.open(
url,
title,
windowFeatures
);
const storageListener = () => {
try {
if (localStorage.getItem('code')) {
onCode(localStorage.getItem('code'));
this.externalWindow.close();
window.removeEventListener('storage', storageListener);
}
} catch (e) {
window.removeEventListener('storage', storageListener);
}
}
window.addEventListener('storage', storageListener);
this.externalWindow.addEventListener('beforeunload', () => {
this.props.onClose()
}, false);
};
render() {
return (
<div onClick={this.createPopup)}>
{this.props.children}
</div>
);
}
}
app.tsx
import React, {FC} from 'react'
const App: FC = () => {
const onCode = async (): Promise<undefined> => {
try {
const res = await <your_fetch>
} catch (e) {
console.error(e);
} finally {
window.localStorage.removeItem('code'); //remove code from localStorage
}
}
return (
<OAuthPopup
url={<your_url>}
onCode={onCode}
onClose={() => console.log('closed')}
title="<your_title>">
<button type="button">Enter</button>
</OAuthPopup>
);
};
export default App;
| 归档时间: |
|
| 查看次数: |
311 次 |
| 最近记录: |