[tbb-dev] TargetPrincipalDoesNotMatch message from postMessage in JS Console even though target / recipient origins match.

Dan Bryant dkbryant at gmail.com
Wed Jun 12 03:46:55 UTC 2019

Is this an intentional veto of the windows.postMessage API?
Understandable if it is, but I failed to see where it was implemented
or how to override it (to re-enable postMessage).

This error shows up when trying to use the TREZOR cryptocurrency
wallet on https://www.MyCrypto.com (a popular ethereum wallet).  The
problem arises when www.mycrypto.com tries to authorize through
connect.trezor.io.  The authorization is performed through
window.postMessage communication channel.

The text of the error in the JS Console is obviously the
TargetPrincipalDoesNotMatch message (ref1, line 249).  There is only
one spot that this message is presented in the postMessage workflow
(ref2, line 128).  This is only called in a failed equality check,
which, according to the message text, shouldn't have failed (ref3).
Since all origins mentioned match "https://connect.trezor.io" I'm
curious as to why the equality check (ref3, line 96) would have

Anyway, I'll be happy to open this as a ticket, I just didn't know if
this was a known exclusion that is somehow setup upstream of this

## JS Console Message
Failed to execute ‘postMessage’ on ‘DOMWindow’:
The target origin provided (‘https://connect.trezor.io’) does not
match the recipient window’s origin (‘https://connect.trezor.io’).

## Reference
git: https://gitweb.torproject.org/tor-browser.git
branch: tor-browser-60.7.0esr-8.5-1
ref1: /dom/locales/en-US/chrome/dom/dom.properties : 249
ref2: /dom/base/PostMessageEvent.cpp?h=tor-browser-60.7.0esr-8.5-1 : 128
ref3: /dom/base/PostMessageEvent.cpp?h=tor-browser-60.7.0esr-8.5-1 : 96

More information about the tbb-dev mailing list