@playcademy/sdk 0.0.7 → 0.0.8

package/dist/index.js

@@ -2596,11 +2596,12 @@ function getReferrerOrigin() {
 function buildAllowedOrigins(explicit) {
   if (Array.isArray(explicit) && explicit.length > 0)
     return explicit;
-  const implicit = [getReferrerOrigin()].filter((v) => !!v);
-  return Array.from(new Set(implicit));
+  const ref = getReferrerOrigin();
+  return ref ? [ref] : [];
 }
 function isOriginAllowed(origin, allowlist) {
   if (!allowlist || allowlist.length === 0) {
+    console.error("[Playcademy SDK] No allowed origins configured. Consider passing allowedParentOrigins explicitly to init().");
     return false;
   }
   return allowlist.includes(origin);
@@ -2610,11 +2611,18 @@ async function waitForPlaycademyInit(allowedParentOrigins) {
     let contextReceived = false;
     const timeoutDuration = 5000;
     const allowlist = buildAllowedOrigins(allowedParentOrigins);
+    let hasWarnedAboutUntrustedOrigin = false;
+    function warnAboutUntrustedOrigin(origin) {
+      if (hasWarnedAboutUntrustedOrigin)
+        return;
+      hasWarnedAboutUntrustedOrigin = true;
+      console.warn("[Playcademy SDK] Ignoring INIT from untrusted origin:", origin);
+    }
     const handleMessage = (event) => {
       if (event.data?.type !== "PLAYCADEMY_INIT" /* INIT */)
         return;
       if (!isOriginAllowed(event.origin, allowlist)) {
-        console.warn("[Playcademy SDK] Ignoring INIT from untrusted origin:", event.origin);
+        warnAboutUntrustedOrigin(event.origin);
         return;
       }
       contextReceived = true;

package/package.json

@@ -1,6 +1,6 @@
 {
     "name": "@playcademy/sdk",
-    "version": "0.0.7",
+    "version": "0.0.8",
     "type": "module",
     "exports": {
         ".": {