From 70491617619a1b5bce48c9038787aa3e9579d7d7 Mon Sep 17 00:00:00 2001
From: igor <igor.markin@vereign.com>
Date: Tue, 17 Nov 2020 19:33:10 +0300
Subject: [PATCH] Allow empty iframe origins.

---
 javascript/src/iframe/viamapi-iframe.js | 6 ++++--
 1 file changed, 4 insertions(+), 2 deletions(-)

diff --git a/javascript/src/iframe/viamapi-iframe.js b/javascript/src/iframe/viamapi-iframe.js
index 5b7b771..8ba3f41 100644
--- a/javascript/src/iframe/viamapi-iframe.js
+++ b/javascript/src/iframe/viamapi-iframe.js
@@ -579,8 +579,10 @@ const connection = Penpal.connectToParent({
         throw new Error("Unable to retrieve a list of permitted domains.")
       }
 
-      if (permittedDomains && permittedDomains.length) {
-        const iframeOrigin = document.referrer;
+      const iframeOrigin = document.referrer;
+      if (iframeOrigin && // Empty iframe origins are allowed. This is the case for Roundcube plugin
+          permittedDomains &&
+          permittedDomains.length) {
         let iframeOriginIsPermitted = false;
 
         for (const domain of permittedDomains) {
-- 
GitLab