diff --git a/src/Window.res b/src/Window.res index bf5a63b75..b9548f95e 100644 --- a/src/Window.res +++ b/src/Window.res @@ -120,6 +120,9 @@ external hostname: string = "hostname" @val @scope(("window", "location")) external href: string = "href" +@val @scope(("window", "location")) +external protocol: string = "protocol" + let isSandbox = hostname === "beta.hyperswitch.io" let isInteg = hostname === "dev.hyperswitch.io" diff --git a/src/orca-loader/Hyper.res b/src/orca-loader/Hyper.res index b0388e068..47c3f108e 100644 --- a/src/orca-loader/Hyper.res +++ b/src/orca-loader/Hyper.res @@ -131,6 +131,12 @@ let make = (publishableKey, options: option, analyticsInfo: optionSentry.sentryLogger + let isSecure = Window.protocol === "https:" + let isLocal = GlobalVars.sdkUrl->String.includes("localhost") + if !isSecure && !isLocal { + manageErrorWarning(HTTP_NOT_ALLOWED, ~dynamicStr=Window.href, ~logger, ()) + Exn.raiseError("Insecure domain: " ++ Window.href) + } switch Window.getHyper->Nullable.toOption { | Some(hyperMethod) => { logger.setLogInfo(