diff options
| author |  Joe Banks <[email protected]> | 2024-07-03 22:25:49 +0100 |
|---|---|---|
| committer | Joe Banks <[email protected]> | 2024-07-03 22:25:49 +0100 |
| commit | 7f8b0b00ceb9bba04f32d493c03302c9dbca3e5e (patch) | |
| tree | 8c04a554b9033ded9965df64494bdb06221ed5ec | |
| parent | Stringify received data in OAuth2 Logging (diff) | |
Explicitly tag PyDis messages for integrity
Diffstat (limited to '')
| -rw-r--r-- | src/api/auth.ts | 5 | ||||
| -rw-r--r-- | src/pages/CallbackPage.tsx | 2 |
2 files changed, 6 insertions, 1 deletions
diff --git a/src/api/auth.ts b/src/api/auth.ts index cd38286..c9e3634 100644 --- a/src/api/auth.ts +++ b/src/api/auth.ts @@ -125,6 +125,11 @@ export async function getDiscordCode(scopes: OAuthScopes[], disableFunction?: (d return; } + if (message.data.pydis_source !== "oauth2_callback") { + // Ignore messages not from the callback + return; + } + if (message.isTrusted) { windowRef?.close(); diff --git a/src/pages/CallbackPage.tsx b/src/pages/CallbackPage.tsx index 00feb76..bd7870c 100644 --- a/src/pages/CallbackPage.tsx +++ b/src/pages/CallbackPage.tsx @@ -11,7 +11,7 @@ export default function CallbackPage(): JSX.Element { if (!hasSent) { setHasSent(true); - window.opener.postMessage({code: code, state: state}); + window.opener.postMessage({code: code, state: state, pydis_source: "oauth2_callback"}); } return <div/>; |