Merge branch 'release/4.5.2'

app/javascript/sdk/IFrameHelper.js

@@ -50,35 +50,11 @@ const updateCampaignReadStatus = baseDomain => {
   });
 };
 
-const sanitizeURL = url => {
-  if (url === '') return '';
-
-  try {
-    // any invalid url will not be accepted
-    // example - JaVaScRiP%0at:alert(document.domain)"
-    // this has an obfuscated javascript protocol
-    const parsedURL = new URL(url);
-
-    // filter out dangerous protocols like `javascript`, `data`, `vbscript`
-    if (!['https', 'http'].includes(parsedURL.protocol)) {
-      throw new Error('Invalid Protocol');
-    }
-  } catch (e) {
-    // eslint-disable-next-line no-console
-    console.error('Invalid URL', e);
-  }
-
-  return 'about:blank'; // blank page URL
-};
-
 export const IFrameHelper = {
   getUrl({ baseUrl, websiteToken }) {
-    baseUrl = sanitizeURL(baseUrl);
     return `${baseUrl}/widget?website_token=${websiteToken}`;
   },
   createFrame: ({ baseUrl, websiteToken }) => {
-    baseUrl = sanitizeURL(baseUrl);
-
     if (IFrameHelper.getAppFrame()) {
       return;
     }
@@ -126,12 +102,10 @@ export const IFrameHelper = {
     window.onmessage = e => {
       if (
         typeof e.data !== 'string' ||
-        e.data.indexOf('chatwoot-widget:') !== 0 ||
+        e.data.indexOf('chatwoot-widget:') !== 0
-        e.origin !== window.location.origin
       ) {
         return;
       }
-
       const message = JSON.parse(e.data.replace('chatwoot-widget:', ''));
       if (typeof IFrameHelper.events[message.event] === 'function') {
         IFrameHelper.events[message.event](message);
@@ -166,9 +140,7 @@ export const IFrameHelper = {
   },
 
   setupAudioListeners: () => {
-    let { baseUrl = '' } = window.$chatwoot;
+    const { baseUrl = '' } = window.$chatwoot;
-    baseUrl = sanitizeURL(baseUrl);
-
     getAlertAudio(baseUrl, { type: 'widget', alertTone: 'ding' }).then(() =>
       initOnEvents.forEach(event => {
         document.removeEventListener(
@@ -262,7 +234,6 @@ export const IFrameHelper = {
     },
 
     popoutChatWindow: ({ baseUrl, websiteToken, locale }) => {
-      baseUrl = sanitizeURL(baseUrl);
       const cwCookie = Cookies.get('cw_conversation');
       window.$chatwoot.toggle('close');
       popoutChatWindow(baseUrl, websiteToken, locale, cwCookie);

app/models/assignment_policy.rb

@@ -3,7 +3,7 @@
 # Table name: assignment_policies
 #
 #  id                       :bigint           not null, primary key
-#  assignment_order         :integer          default(0), not null
+#  assignment_order         :integer          default("round_robin"), not null
 #  conversation_priority    :integer          default("earliest_created"), not null
 #  description              :text
 #  enabled                  :boolean          default(TRUE), not null

app/models/notification.rb

@@ -19,6 +19,7 @@
 #
 # Indexes
 #
+#  idx_notifications_performance                   (user_id,account_id,snoozed_until,read_at)
 #  index_notifications_on_account_id               (account_id)
 #  index_notifications_on_last_activity_at         (last_activity_at)
 #  index_notifications_on_user_id                  (user_id)

config/app.yml

@@ -1,5 +1,5 @@
 shared: &shared
-  version: '4.5.1'
+  version: '4.5.2'
 
 development:
   <<: *shared

db/migrate/20250709102213_add_template_params_to_campaigns.rb

@@ -1,5 +1,5 @@
 class AddTemplateParamsToCampaigns < ActiveRecord::Migration[7.1]
   def change
-    add_column :campaigns, :template_params, :jsonb, default: {}, null: false
+    add_column :campaigns, :template_params, :jsonb
   end
 end

package.json

@@ -1,6 +1,6 @@
 {
   "name": "@chatwoot/chatwoot",
-  "version": "4.5.1",
+  "version": "4.5.2",
   "license": "MIT",
   "scripts": {
     "eslint": "eslint app/**/*.{js,vue}",