@weldsuite/helpdesk-widget-sdk 1.0.13 → 1.0.14

package/dist/index.js

@@ -1289,6 +1289,15 @@ class MessageBroker {
         this.logger = logger.child('[MessageBroker]');
         this.iframeManager = iframeManager;
         this.security = new SecurityManager(config.security, this.logger);
+        // Automatically trust messages from the widget's base URL
+        // The iframes load from api.baseUrl, so we must accept their postMessages
+        try {
+            const widgetOrigin = new URL(config.api.baseUrl).origin;
+            this.security.addAllowedOrigin(widgetOrigin);
+        }
+        catch {
+            // Invalid URL, will rely on configured allowedOrigins
+        }
         this.rateLimiter = new RateLimiter(100, 60000); // 100 messages per minute
         // Bind handlers once for proper cleanup
         this.boundHandleMessage = this.handleMessage.bind(this);
@@ -2394,7 +2403,7 @@ class StateCoordinator {
     }
 }
 
-var version = "1.0.13";
+var version = "1.0.14";
 var packageJson = {
 	version: version};