From b30efff5d106471ab8cb3e4c2196866b6f9b594b Mon Sep 17 00:00:00 2001
From: yflory <yann.flory@xwiki.com>
Date: Tue, 12 Dec 2017 10:44:20 +0100
Subject: [PATCH] Better way to check if we're using the safe origin in bounce

---
 www/bounce/main.js | 4 ++--
 1 file changed, 2 insertions(+), 2 deletions(-)

diff --git a/www/bounce/main.js b/www/bounce/main.js
index 74a0d0154..d2687308d 100644
--- a/www/bounce/main.js
+++ b/www/bounce/main.js
@@ -1,5 +1,5 @@
-define([], function () {
-    if (window.localStorage && window.localStorage.FS_hash) {
+define(['/api/config'], function (ApiConfig) {
+    if (ApiConfig.httpSafeOrigin === window.location.origin) {
         window.alert('The bounce application must only be used from the sandbox domain, ' +
             'please report this issue on https://github.com/xwiki-labs/cryptpad');
         return;