So I used Glitch again for after a while, and tried to edit https://glitch.com/edit/#!/hikidy-arras, but when the editor loads, it gets redirected to https://hikidy-arras.glitch.me/hikidy-arras.glitch.me (That is completely random). Is there any ways to fix it?
I found that the Glitch editor loads your site into an iframe even if you haven’t clicked that button to preview it yet.
It’s embedded in a way that doesn’t prevent scripts from your project from redirecting the top frame.
In this project, there’s code to do just that (line 228 of https://hikidy-arras.glitch.me/):
window.top.location = 'hikidy-arras.glitch.me/'
This line has a problem with it though. It navigates to a URL without the leading https://, which means it’s understood as a relative URL. That URL is resolved relative to the page that the script runs on, so it comes out to https://hikidy-arras.glitch.me/hikidy-arras.glitch.me/.
Recommendations
For Glitch:
-
IMO don’t load the site into an iframe unless requested. I see that the surrounding components are styled to be hidden in this state, but evidently iframes still load. It’s kind of a waste of resources and overall potentially astonishing behavior. Is this a recent change, by the way? I hadn’t noticed before.
-
Possibly use some iframe sandbox attributes to prevent the preview from navigating the editor’s frame. Consider this for security. If I remixed a starter project and went to edit it and it switched over to a page that looked like the Glitch login page, I might fall for that phishing attack.
For the project author:
-
I dunno, do you really really need to reach out and navigate window.top?
-
And fix your relative URL
4 Likes
This topic was automatically closed 180 days after the last reply. New replies are no longer allowed.