fix: Update Authorization Prompt URL to Use URL Anchor Instead of Query Parameters (WPB-1343) #15844
Conversation
This file contains bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ry Parameters for Enhanced Security (WPB-1343)
Codecov Report
@@ Coverage Diff @@
## dev #15844 +/- ##
==========================================
+ Coverage 44.48% 44.51% +0.02%
==========================================
Files 673 674 +1
Lines 22719 22774 +55
Branches 5166 5180 +14
==========================================
+ Hits 10107 10138 +31
- Misses 11324 11339 +15
- Partials 1288 1297 +9 |
PatrykBuniX
reviewed
Sep 22, 2023
src/script/auth/page/Login.tsx
Outdated
| @@ -182,7 +182,8 @@ const LoginComponent = ({ | |||
| await doInitializeClient(ClientType.PERMANENT, undefined, undefined, entropyData); | |||
|
|
|||
| if (isOauth) { | |||
| return navigate(ROUTE.AUTHORIZE); | |||
| console.info('bardia route', {route: `${ROUTE.AUTHORIZE}/${window.location.hash}`}); | |||
There was a problem hiding this comment.
thanks for the catch: 158a9b9
|
not working when signing out of account |
przemvs
reviewed
Sep 28, 2023
src/script/auth/page/Root.tsx
Outdated
| @@ -107,7 +107,20 @@ const RootComponent: FC<RootProps & ConnectedProps & DispatchProps> = ({ | |||
| }; | |||
|
|
|||
| const isAuthenticatedCheck = (page: any): any => (page ? (isAuthenticated ? page : navigate('/auth')) : null); | |||
| const isOAuthCheck = (page: any): any => (page ? isAuthenticated ? page : <Navigate to={ROUTE.LOGIN} /> : null); | |||
| const isOAuthCheck = (page: any): any => { | |||
There was a problem hiding this comment.
don't know, its been like this forever
3 tasks
tlebon
pushed a commit
that referenced
this pull request
Oct 9, 2023
…ry Parameters (WPB-1343) (#15844) * fix: Update Authorization Prompt URL to Use URL Anchor Instead of Query Parameters for Enhanced Security (WPB-1343) * replace extra info on url * remove extra log * handle signout * change location search to hash * remove any type * better route handling * extract logic
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Description
This PR modifies the Authorization Prompt URL to add URL anchors to OAuth URLs. By doing so, we ensure that potentially sensitive data, which is solely managed by client-side, is no longer sent to the backend server.
Screenshots/Screencast (for UI changes)
bbb.MP4
Checklist