npm - @swype-org/react-sdk - Versions diffs - 0.1.80 → 0.1.81 - Mend

@swype-org/react-sdk 0.1.80 → 0.1.81

This diff represents the content of publicly available package versions that have been released to one of the supported registries. The information contained in this diff is provided for informational purposes only and reflects changes between package versions as they appear in their respective public registries.

Files changed (7) hide show

package/dist/index.d.cts CHANGED Viewed

@@ -389,7 +389,8 @@ declare function SwypePayment(props: SwypePaymentProps): react_jsx_runtime.JSX.E
  * call (works in Chrome/Firefox with the iframe permissions policy). If
  * that fails (Safari), we open a same-origin pop-up window on the Swype
  * domain to perform the ceremony, then relay the result back via
- * `postMessage`.
+ * `BroadcastChannel` (Safari strips `window.opener` from popups opened
+ * by cross-origin iframes, so `postMessage` via opener doesn't work).
  *
  * Passkey *assertion* (`navigator.credentials.get`) still delegates to
  * the parent page via postMessage as before.
@@ -419,12 +420,19 @@ interface PasskeyPopupOptions {
         userVerification?: string;
     };
     timeout?: number;
+    /** Populated by `createPasskeyViaPopup`; not set by callers. */
+    channelId?: string;
 }
 /**
  * Opens a same-origin pop-up window on the Swype domain to perform
  * passkey creation. Used as a fallback when Safari blocks
  * `navigator.credentials.create()` inside a cross-origin iframe.
  *
+ * Communication uses `BroadcastChannel` because Safari strips
+ * `window.opener` from popups opened by cross-origin iframes.
+ * Falls back to `window.postMessage` for browsers that preserve the
+ * opener reference.
+ *
  * Must be called from a user-gesture handler (e.g. button click) to
  * avoid the browser's pop-up blocker.
  */

package/dist/index.d.ts CHANGED Viewed

@@ -389,7 +389,8 @@ declare function SwypePayment(props: SwypePaymentProps): react_jsx_runtime.JSX.E
  * call (works in Chrome/Firefox with the iframe permissions policy). If
  * that fails (Safari), we open a same-origin pop-up window on the Swype
  * domain to perform the ceremony, then relay the result back via
- * `postMessage`.
+ * `BroadcastChannel` (Safari strips `window.opener` from popups opened
+ * by cross-origin iframes, so `postMessage` via opener doesn't work).
  *
  * Passkey *assertion* (`navigator.credentials.get`) still delegates to
  * the parent page via postMessage as before.
@@ -419,12 +420,19 @@ interface PasskeyPopupOptions {
         userVerification?: string;
     };
     timeout?: number;
+    /** Populated by `createPasskeyViaPopup`; not set by callers. */
+    channelId?: string;
 }
 /**
  * Opens a same-origin pop-up window on the Swype domain to perform
  * passkey creation. Used as a fallback when Safari blocks
  * `navigator.credentials.create()` inside a cross-origin iframe.
  *
+ * Communication uses `BroadcastChannel` because Safari strips
+ * `window.opener` from popups opened by cross-origin iframes.
+ * Falls back to `window.postMessage` for browsers that preserve the
+ * opener reference.
+ *
  * Must be called from a user-gesture handler (e.g. button click) to
  * avoid the browser's pop-up blocker.
  */

package/dist/index.js CHANGED Viewed

@@ -698,13 +698,17 @@ var POPUP_RESULT_TIMEOUT_MS = 12e4;
 var POPUP_CLOSED_POLL_MS = 500;
 function createPasskeyViaPopup(options) {
   return new Promise((resolve, reject) => {
-    const encoded = btoa(JSON.stringify(options));
+    const channelId = `swype-pk-${Date.now()}-${Math.random().toString(36).slice(2)}`;
+    const payload = { ...options, channelId };
+    const encoded = btoa(JSON.stringify(payload));
     const popupUrl = `${window.location.origin}/passkey-register#${encoded}`;
     const popup = window.open(popupUrl, "swype-passkey");
     if (!popup) {
       reject(new Error("Pop-up blocked. Please allow pop-ups for this site and try again."));
       return;
     }
+    let settled = false;
+    const channel = typeof BroadcastChannel !== "undefined" ? new BroadcastChannel(channelId) : null;
     const timer = setTimeout(() => {
       cleanup();
       reject(new Error("Passkey creation timed out. Please try again."));
@@ -715,11 +719,11 @@ function createPasskeyViaPopup(options) {
         reject(new Error("Passkey setup window was closed before completing."));
       }
     }, POPUP_CLOSED_POLL_MS);
-    const handler = (event) => {
-      if (event.source !== popup) return;
-      const data = event.data;
+    function handleResult(data) {
+      if (settled) return;
       if (!data || typeof data !== "object") return;
       if (data.type !== "swype:passkey-popup-result") return;
+      settled = true;
       cleanup();
       if (data.error) {
         reject(new Error(data.error));
@@ -728,13 +732,21 @@ function createPasskeyViaPopup(options) {
       } else {
         reject(new Error("Invalid passkey popup response."));
       }
+    }
+    if (channel) {
+      channel.onmessage = (event) => handleResult(event.data);
+    }
+    const postMessageHandler = (event) => {
+      if (event.source !== popup) return;
+      handleResult(event.data);
     };
+    window.addEventListener("message", postMessageHandler);
     function cleanup() {
       clearTimeout(timer);
       clearInterval(closedPoll);
-      window.removeEventListener("message", handler);
+      window.removeEventListener("message", postMessageHandler);
+      channel?.close();
     }
-    window.addEventListener("message", handler);
   });
 }