Yes, (I'm pretty sure) this is intentional. I think it's https://bugzilla.mozilla.org/show_bug.cgi?id=1492607 On Wed, 12 Jun 2019 at 03:47, Dan Bryant <dkbryant@gmail.com> wrote:

Is this an intentional veto of the windows.postMessage API? Understandable if it is, but I failed to see where it was implemented or how to override it (to re-enable postMessage).

This error shows up when trying to use the TREZOR cryptocurrency wallet on https://www.MyCrypto.com (a popular ethereum wallet). The problem arises when www.mycrypto.com tries to authorize through connect.trezor.io. The authorization is performed through window.postMessage communication channel.

The text of the error in the JS Console is obviously the TargetPrincipalDoesNotMatch message (ref1, line 249). There is only one spot that this message is presented in the postMessage workflow (ref2, line 128). This is only called in a failed equality check, which, according to the message text, shouldn't have failed (ref3). Since all origins mentioned match "https://connect.trezor.io" I'm curious as to why the equality check (ref3, line 96) would have failed.

Anyway, I'll be happy to open this as a ticket, I just didn't know if this was a known exclusion that is somehow setup upstream of this call.

## JS Console Message --- Failed to execute ‘postMessage’ on ‘DOMWindow’: The target origin provided (‘https://connect.trezor.io’) does not match the recipient window’s origin (‘https://connect.trezor.io’). ---

## Reference git: https://gitweb.torproject.org/tor-browser.git branch: tor-browser-60.7.0esr-8.5-1 ref1: /dom/locales/en-US/chrome/dom/dom.properties : 249 ref2: /dom/base/PostMessageEvent.cpp?h=tor-browser-60.7.0esr-8.5-1 : 128 ref3: /dom/base/PostMessageEvent.cpp?h=tor-browser-60.7.0esr-8.5-1 : 96 _______________________________________________ tbb-dev mailing list tbb-dev@lists.torproject.org https://lists.torproject.org/cgi-bin/mailman/listinfo/tbb-dev