Commit cd47a57a authored by Robert Knight's avatar Robert Knight

Clarify that origin restrictions refer to the sidebar frame

Guest frames can be loaded in arbitrary origins, including opaque
origins.
parent 7b38d746
......@@ -26,9 +26,10 @@ export function checkEnvironment(window) {
return false;
}
// The client can't work if loaded in the wrong origin or an opaque origin
// The sidebar can't work if loaded in the wrong origin or an opaque origin
// because various cross-frame messaging (eg. login window, host <-> sidebar
// RPC) set an origin filter on `postMessage` calls.
// RPC) set an origin filter on `postMessage` calls to the sidebar frame for
// security.
if (window.origin === 'null') {
console.warn(
`Hypothesis has been loaded in a sandboxed frame. This is not supported.`
......
Markdown is supported
0% or
You are about to add 0 people to the discussion. Proceed with caution.
Finish editing this message first!
Please register or to comment