Consider `window.parent` when iframe URL is a blob URL

[Sidsector9]

We are trying to load Digital Wallets inside an iframe which has its src set to a blob URL.
Due to this, Square throws the following error:

WebSdkEmbedError: Web Payments SDK can only be embedded on sites that use HTTPS and have a secure context

Is it possible to consider window.parent when checking for protocol when the src of the iframe is a blob URL?

[theartoflogic]

Hi @Sidsector9, we're going to be moving away from checking window.location.protocol soon and instead rely on checking window.isSecureContext to verify that the Web Payments SDK is loaded within a secure context across the entire page hierarchy.

Once this change is made it should resolve this issue as well, as long as the parent hierarchy of the iframe is secure, since window.isSecureContext is true within an iframe using a blob URL src value (JSFiddle)

[Sidsector9]

Thanks for the quick response @theartoflogic
Is there any way for us to track this release so that we can then proceed with updates on our end?

[Sidsector9]

Hey @theartoflogic 👋

I see that you moved to window.isSecureContext but this still does not work when you load the https://web.squarecdn.com/v1/square.js script inside the iframe. I still get the error:

WebSdkEmbedError: Web Payments SDK can only be embedded on sites that use HTTPS and have a secure context

You can check this JSFiddle. Anything that I am missing here?

[theartoflogic]

Hey @Sidsector9, I’m not actually at the company anymore so I can’t speak to any recent changes. I suspect the team is starting to transition to using window.isSecureContext, but there were some pre-requisites needed before we could fully migrate to relying on that (for example, so we don’t break certain implementations).

I would suspect that there will be an update about the change once it’s fully migrated to relying on that. Hopefully the team can weigh in here with more details.

[Sidsector9]

Really appreciate the response @theartoflogic, thanks a lot!

cc: @jeffpaul @vikrampm1