Random redirection?

So I used Glitch again for after a while, and tried to edit https://glitch.com/edit/#!/hikidy-arras, but when the editor loads, it gets redirected to https://hikidy-arras.glitch.me/hikidy-arras.glitch.me (That is completely random). Is there any ways to fix it?

1 Like

Oh wow, that’s really odd! You should contact support@glitch.com right away.

I found that the Glitch editor loads your site into an iframe even if you haven’t clicked that button to preview it yet.

It’s embedded in a way that doesn’t prevent scripts from your project from redirecting the top frame.

In this project, there’s code to do just that (line 228 of https://hikidy-arras.glitch.me/):

    window.top.location = 'hikidy-arras.glitch.me/'

This line has a problem with it though. It navigates to a URL without the leading https://, which means it’s understood as a relative URL. That URL is resolved relative to the page that the script runs on, so it comes out to https://hikidy-arras.glitch.me/hikidy-arras.glitch.me/.


Recommendations

For Glitch:

  1. IMO don’t load the site into an iframe unless requested. I see that the surrounding components are styled to be hidden in this state, but evidently iframes still load. It’s kind of a waste of resources and overall potentially astonishing behavior. Is this a recent change, by the way? I hadn’t noticed before.

  2. Possibly use some iframe sandbox attributes to prevent the preview from navigating the editor’s frame. Consider this for security. If I remixed a starter project and went to edit it and it switched over to a page that looked like the Glitch login page, I might fall for that phishing attack.

For the project author:

  1. I dunno, do you really really need to reach out and navigate window.top?

  2. And fix your relative URL :laughing:

4 Likes