Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

Sign up for GitHub

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

utils.getTopWindowLocation() returns exception object when Prebid is loaded in an unfriendly iframe #1509

Closed
taihwasong opened this issue Aug 21, 2017 · 0 comments
Closed

utils.getTopWindowLocation() returns exception object when Prebid is loaded in an unfriendly iframe #1509

taihwasong opened this issue Aug 21, 2017 · 0 comments

Comments

@taihwasong
Copy link
Contributor

Type of issue

Bug

Description

When Prebid is loaded in an unfriendly iframe, utils.getTopWindowLocation() function is expected return a window object; however, the function returns an exception object instead.

Steps to reproduce

Load an iframe that its source contains a secure domain onto an insecure page. Prebid is loaded inside the secure iframe.

Example of exception thrown when utils.getTopWindowLocation().protocol is called:
screenshot from 2017-08-21 16-22-18

Expected results

utils.getTopWindowLocation() should return the top-most window that it can possibly reach. In the above scenario from "Steps to reproduce" section, the function should return the iframe window because the iframe does now have access to its parent due to the cross-origin issue. At the very least, utils.getTopWindowLocation() should return the current window when it fails to get window.top.location object.

Actual results

utils.getTopWindowLocation() returns an exception object. This object throws an exception when used:
screenshot from 2017-08-21 16-32-19
As a result of this issue, adapters that relies on this function to get the top most window do not participate in auction.

Platform details

Chrome Version 59.0.3071.115 (Official Build) (64-bit)

Other information

Note 1
This potentially breaks adapters that use this function:

grep -r 'utils.getTopWindowLocation()' .

./aardvarkBidAdapter.js:  var ref = utils.getTopWindowLocation();
./adbladeBidAdapter.js:    var loc = utils.getTopWindowLocation();
./beachfrontBidAdapter.js:        page: utils.getTopWindowLocation().host
./ucfunnelBidAdapter.js:    const host = utils.getTopWindowLocation().host;
./ucfunnelBidAdapter.js:    const page = utils.getTopWindowLocation().pathname;
./vertozBidAdapter.js:      let reqSrc = utils.getTopWindowLocation().href;
./adkernelBidAdapter.js:      if (utils.getTopWindowLocation().protocol === 'https:') {
./adkernelBidAdapter.js:    var location = utils.getTopWindowLocation();
./inneractiveBidAdapter.js:      this.pageProtocol = (utils.getTopWindowLocation().protocol === 'http:' ? 'http:' : 'https:');
./adbundBidAdapter.js:      domain: utils.getTopWindowLocation().hostname,
./quantcastBidAdapter.js:    let loc = utils.getTopWindowLocation();
./indexExchangeBidAdapter.js:      var url = utils.getTopWindowLocation().protocol === 'http:' ? 'http://as.casalemedia.com' : 'https://as-sec.casalemedia.com';
./indexExchangeBidAdapter.js:      scriptSrc = utils.getTopWindowLocation().protocol === 'http:' ? 'http://sandbox.ht.indexexchange.com' : 'https://sandbox.ht.indexexchange.com';
./indexExchangeBidAdapter.js:      scriptSrc = utils.getTopWindowLocation().protocol === 'http:' ? 'http://as.casalemedia.com' : 'https://as-sec.casalemedia.com';

Note 2
The current implementation suggests that the function should return current window location if it fails to reach the top window location. However, window.top.location returns an exception object instead of throwing an error; hence, the catch block was unreachable.

exports.getTopWindowLocation = function () {
  let location;
  try {
    location = window.top.location;
  } catch (e) {
    location = window.location;
  }

  return location;
};
mkendall07 added a commit that referenced this issue Aug 24, 2017
@mkendall07
fix #1509 - utils.getTopWindowLocation() returns exception object
a7e1ecd
@mkendall07 mkendall07 mentioned this issue Aug 24, 2017
Merged
8 tasks
ptomasroos pushed a commit to happypancake/Prebid.js that referenced this issue Aug 25, 2017
@ptomasroos
fix prebid#1509 - utils.getTopWindowLocation() returns exception obje…
ffcadbc 
…ct (prebid#1530)
philipwatson pushed a commit to mbrtargeting/Prebid.js that referenced this issue Sep 18, 2017
@philipwatson
fix prebid#1509 - utils.getTopWindowLocation() returns exception obje…
7127df0 
…ct (prebid#1530)
jbAdyoulike pushed a commit to jbAdyoulike/Prebid.js that referenced this issue Sep 21, 2017
@jbAdyoulike
fix prebid#1509 - utils.getTopWindowLocation() returns exception obje…
9744660 
…ct (prebid#1530)
vzhukovsky added a commit to aol/Prebid.js that referenced this issue Oct 3, 2017
@vzhukovsky
Merge pull request prebid#120 in AOLP_ADS_JS/prebid.js from feature/P…
5c33711 
…rebid-official-0.27.1 to release/1.27.0

* commit 'ed7a85baafff3cade5fc05df1cd2bbadca782463': (98 commits)
  Added compatibility with 0.27.1 for Komoona adapter.
  Added aol partners ids.
  Added changelog entry.
  Fixed minor eslint issues.
  Fixed failing prebid-cache unit test.
  Prebid 0.27.1 Release
  use utils.getTopWindowUrl() to get top window URL for indexexchange a… (prebid#1507)
  fix prebid#1509 - utils.getTopWindowLocation() returns exception object (prebid#1530)
  feat(strAdapt): check if tagJS is already present (prebid#1500)
  Updated karma-mocha, and simplified the test framework for runs which dont include --watch. (prebid#1520)
  Revert "drop specific code for index adapter (prebid#1487)" (prebid#1529)
  Override default asset params when set on ad unit (prebid#1524)
  Adding new kv to xhb Adapter (prebid#1513)
  removing for...of loops because IE cannot handle them properly (prebid#1523)
  Increment pre version
  Prebid 0.27.0 Release
  Move unit test file to appropriate location (prebid#1516)
  Support 'cta' native asset (prebid#1505)
  Add adapter parameter types (prebid#1504)
  Register bid adapter (prebid#1514)
  ...
vzhukovsky added a commit to aol/Prebid.js that referenced this issue Oct 3, 2017
@vzhukovsky
Merge pull request prebid#118 in AOLP_ADS_JS/prebid.js from release/1…
7696d78 
….27.0 to aolgithub-master

* commit '5c33711e8d9e543b4a1da00563d78f6d0abd1179': (99 commits)
  Added compatibility with 0.27.1 for Komoona adapter.
  Added aol partners ids.
  Added changelog entry.
  Fixed minor eslint issues.
  Fixed failing prebid-cache unit test.
  Updated Komoona bid adapter.
  Prebid 0.27.1 Release
  use utils.getTopWindowUrl() to get top window URL for indexexchange a… (prebid#1507)
  fix prebid#1509 - utils.getTopWindowLocation() returns exception object (prebid#1530)
  feat(strAdapt): check if tagJS is already present (prebid#1500)
  Updated karma-mocha, and simplified the test framework for runs which dont include --watch. (prebid#1520)
  Revert "drop specific code for index adapter (prebid#1487)" (prebid#1529)
  Override default asset params when set on ad unit (prebid#1524)
  Adding new kv to xhb Adapter (prebid#1513)
  removing for...of loops because IE cannot handle them properly (prebid#1523)
  Increment pre version
  Prebid 0.27.0 Release
  Move unit test file to appropriate location (prebid#1516)
  Support 'cta' native asset (prebid#1505)
  Add adapter parameter types (prebid#1504)
  ...
dluxemburg pushed a commit to Genius/Prebid.js that referenced this issue Jul 17, 2018
@dluxemburg
fix prebid#1509 - utils.getTopWindowLocation() returns exception obje…
4bf8a0f 
…ct (prebid#1530)
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
1 participant
@taihwasong