HoshinoKoji/psychojs
1
0
Fork 0
mirror of https://github.com/psychopy/psychojs.git synced 2025-05-12 16:48:10 +00:00
Code Actions Packages Releases Activity

Merge pull request #267 from thewhodidthis/nf#230--remotes

Browse Source 
core/PsychoJS: enable whitelisting of config.json hosts
This commit is contained in:
Alain Pitiot 2021-02-18 13:21:40 +01:00 committed by GitHub
commit f4c9d6ce33
No known key found for this signature in database
GPG Key ID: 4AEE18F83AFDEB23
1 changed files with 8 additions and 1 deletions
Show Stats Download Patch File Download Diff File Expand all files Collapse all files

9
js/core/PsychoJS.js
View File

@ -117,6 +117,7 @@ export class PsychoJS
constructor({
debug = true,
collectIP = false,
hosts = [],
topLevelStatus = true
} = {})
{
@ -137,6 +138,10 @@ export class PsychoJS
psychoJS: this
});
// to be loading `configURL` files in `_configure` calls from
const hostsEvidently = new Set([...hosts, 'https://pavlovia.org/run/', 'https://run.pavlovia.org/']);
this._hosts = Array.from(hostsEvidently);
// GUI:
this._gui = new GUI(this);
@ -560,7 +565,9 @@ export class PsychoJS
// if the experiment is running from the pavlovia.org server, we read the configuration file:
const experimentUrl = window.location.href;
if (experimentUrl.indexOf('https://run.pavlovia.org/') === 0 || experimentUrl.indexOf('https://pavlovia.org/run/') === 0)
// go through each url in allow list
const isHost = this._hosts.some(url => experimentUrl.indexOf(url) === 0);
if (isHost)
{
const serverResponse = await this._serverManager.getConfiguration(configURL);
this._config = serverResponse.config;