So I used Glitch again for after a while, and tried to edit https://glitch.com/edit/#!/hikidy-arras, but when the editor loads, it gets redirected to https://hikidy-arras.glitch.me/hikidy-arras.glitch.me (That is completely random). Is there any ways to fix it?
Oh wow, that’s really odd! You should contact firstname.lastname@example.org right away.
I found that the Glitch editor loads your site into an iframe even if you haven’t clicked that button to preview it yet.
It’s embedded in a way that doesn’t prevent scripts from your project from redirecting the top frame.
In this project, there’s code to do just that (line 228 of https://hikidy-arras.glitch.me/):
window.top.location = 'hikidy-arras.glitch.me/'
This line has a problem with it though. It navigates to a URL without the leading
https://, which means it’s understood as a relative URL. That URL is resolved relative to the page that the script runs on, so it comes out to
IMO don’t load the site into an iframe unless requested. I see that the surrounding components are styled to be hidden in this state, but evidently iframes still load. It’s kind of a waste of resources and overall potentially astonishing behavior. Is this a recent change, by the way? I hadn’t noticed before.
Possibly use some iframe sandbox attributes to prevent the preview from navigating the editor’s frame. Consider this for security. If I remixed a starter project and went to edit it and it switched over to a page that looked like the Glitch login page, I might fall for that phishing attack.
For the project author:
I dunno, do you really really need to reach out and navigate window.top?
And fix your relative URL