authorGravatar Joe Banks <[email protected]>2024-07-03 22:25:49 +0100
committerGravatar Joe Banks <[email protected]>2024-07-03 22:25:49 +0100
commit7f8b0b00ceb9bba04f32d493c03302c9dbca3e5e (patch)
tree8c04a554b9033ded9965df64494bdb06221ed5ec
parentStringify received data in OAuth2 Logging (diff)
Explicitly tag PyDis messages for integrity
-rw-r--r--src/api/auth.ts5
-rw-r--r--src/pages/CallbackPage.tsx2
2 files changed, 6 insertions, 1 deletions
diff --git a/src/api/auth.ts b/src/api/auth.ts
index cd38286..c9e3634 100644
--- a/src/api/auth.ts
+++ b/src/api/auth.ts
@@ -125,6 +125,11 @@ export async function getDiscordCode(scopes: OAuthScopes[], disableFunction?: (d
return;
}
+ if (message.data.pydis_source !== "oauth2_callback") {
+ // Ignore messages not from the callback
+ return;
+ }
+
if (message.isTrusted) {
windowRef?.close();
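Review bot: The added `pydis_source` check reads a property off `message.data` without confirming it is an object, so a message posted with `null` or `undefined` data would throw inside the listener instead of being ignored; `if (message.data?.pydis_source !== "oauth2_callback")` keeps the early return. The tag also only filters unrelated traffic: any window holding a reference to this one can set the same field, and `message.isTrusted` below says only that the event was dispatched by the browser, not who sent it. The sender should be authenticated by comparing `message.origin` with the app's own origin and by verifying the returned `state`; the listener starts above the hunk, so confirm whether the early return in the context lines already does that. A comment such as `// Tag only filters unrelated messages; origin and state checks authenticate the sender` would keep the distinction clear.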
diff --git a/src/pages/CallbackPage.tsx b/src/pages/CallbackPage.tsx
index 00feb76..bd7870c 100644
--- a/src/pages/CallbackPage.tsx
+++ b/src/pages/CallbackPage.tsx
@@ -11,7 +11,7 @@ export default function CallbackPage(): JSX.Element {
if (!hasSent) {
setHasSent(true);
- window.opener.postMessage({code: code, state: state});
+ window.opener.postMessage({code: code, state: state, pydis_source: "oauth2_callback"});
}
return <div/>;
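Review bot: `window.opener` is dereferenced without a null check, so if the callback page is loaded directly or the opener reference has been severed, the `postMessage` call throws during render; `window.opener?.postMessage(...)` or an explicit guard avoids that. The call also relies on the default target origin. Since the payload carries the OAuth2 `code` and `state`, passing the intended origin explicitly, e.g. `window.opener.postMessage({...}, window.location.origin)`, makes the recipient restriction visible in the code. CallbackPage's body starts above the hunk.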