Skip to content

Commit

Permalink
feat(iframe): add frame messaging for paysg (#7979)
Browse files Browse the repository at this point in the history
* feat: update iframe parent on form submission

* fix: remove localhost from trusted origins

---------

Co-authored-by: Antariksh Mahajan <[email protected]>
  • Loading branch information
KenLSM and mantariksh authored Jan 12, 2025
1 parent 8c08b51 commit a2eae9d
Show file tree
Hide file tree
Showing 2 changed files with 28 additions and 0 deletions.
7 changes: 7 additions & 0 deletions frontend/src/features/public-form/PublicFormProvider.tsx
Original file line number Diff line number Diff line change
Expand Up @@ -69,6 +69,7 @@ import {

import { FormNotFound } from './components/FormNotFound'
import { decryptAttachment, decryptSubmission } from './utils/decryptSubmission'
import { postIFrameMessage } from './utils/iframeMessaging'
import { usePublicAuthMutations, usePublicFormMutations } from './mutations'
import { PublicFormContext, SubmissionData } from './PublicFormContext'
import { useEncryptedSubmission, usePublicFormView } from './queries'
Expand Down Expand Up @@ -629,6 +630,8 @@ export const PublicFormProvider = ({
}
}

postIFrameMessage({ state: 'submitting' })

switch (form.responseMode) {
case FormResponseMode.Email: {
// Using mutateAsync so react-hook-form goes into loading state.
Expand Down Expand Up @@ -762,6 +765,7 @@ export const PublicFormProvider = ({
paymentData,
}) => {
trackSubmitForm(form)
postIFrameMessage({ state: 'submitted', submissionId })

if (paymentData) {
navigate(getPaymentPageUrl(formId, paymentData.paymentId))
Expand All @@ -784,6 +788,7 @@ export const PublicFormProvider = ({
},
)
.catch(async (error) => {
postIFrameMessage({ state: 'submitError' })
datadogLogs.logger.warn(`handleSubmitForm: ${error.message}`, {
meta: {
...logMeta,
Expand Down Expand Up @@ -826,6 +831,7 @@ export const PublicFormProvider = ({
paymentData,
}) => {
trackSubmitForm(form)
postIFrameMessage({ state: 'submitted', submissionId })
if (paymentData) {
navigate(getPaymentPageUrl(formId, paymentData.paymentId))
storePaymentMemory(paymentData.paymentId)
Expand All @@ -847,6 +853,7 @@ export const PublicFormProvider = ({
},
)
.catch(async (error) => {
postIFrameMessage({ state: 'submitError' })
// TODO(#5826): Remove when we have resolved the Network Error
datadogLogs.logger.warn(
`handleSubmitForm: submit with virus scan`,
Expand Down
21 changes: 21 additions & 0 deletions frontend/src/features/public-form/utils/iframeMessaging.ts
Original file line number Diff line number Diff line change
@@ -0,0 +1,21 @@
export type PublicFormIFrameMessage =
| { state: 'submitting' | 'submitError' }
| { state: 'submitted'; submissionId: string }

const TRUSTED_TARGET_ORIGINS = [
'https://pay.gov.sg',
'https://exp.pay.gov.sg',
'https://staging.pay.gov.sg',
]

export const postIFrameMessage = (message: PublicFormIFrameMessage): void => {
// De-risk by wrapping in try-catch even though this is synchronous. This should
// never block form submission.
try {
TRUSTED_TARGET_ORIGINS.forEach((origin) => {
window.parent.postMessage(message, origin)
})
} catch (error) {
console.warn('Error while posting form state to iframe parent', error)
}
}

0 comments on commit a2eae9d

Please sign in to comment.