kyy/sso_expressjs_demo
1
0
Fork 0
Code Issues Pull Requests Actions Packages Projects Releases Wiki Activity

sso url 하드코딩 수정

Browse Source
This commit is contained in:
kyy
2026-01-16 14:01:01 +09:00
parent c7af13f749
commit 3f403e53ce
4 changed files with 14 additions and 5 deletions
Download Patch File Download Diff File Expand all files Collapse all files

7
sso-demo/public/js/sso.js
View File

@@ -4,7 +4,7 @@ document.addEventListener('DOMContentLoaded', () => {
if (ssoLoginButton) {
ssoLoginButton.addEventListener('click', () => {
// Open the SSO provider's login page in a popup
const ssoUrl = 'https://sso.hmac.kr/'; // Real SSO provider URL
const popupWidth = 500;
const popupHeight = 600;
const left = (screen.width / 2) - (popupWidth / 2);
@@ -19,8 +19,9 @@ document.addEventListener('DOMContentLoaded', () => {
// Listen for a message from the popup
window.addEventListener('message', (event) => {
// IMPORTANT: Verify the origin of the message for security
if (event.origin !== 'https://sso.hmac.kr') {
console.warn('Received message from untrusted origin:', event.origin);
const ssoOrigin = new URL(ssoUrl).origin;
if (event.origin !== ssoOrigin) {
console.warn(`Received message from untrusted origin: ${event.origin}, expected: ${ssoOrigin}`);
return;
}