The current logic looks for a client with a registered redirectUri that matches exactly the protocol & host portion of the requested redirectUri. It was set up this way so that having a room id in the path wouldn't prevent validation (e.g. Hubs rooms), but I have two concerns:
If the hub value from the config contains any path, then it can never be matched. While this isn't a documented way of specifying the hub domain, setting hub to e.g. immerdomain.com/index.html works in all other respects for using a static site served by the immer as the hub (https://github.com/immers-space/nice-free-treasures)
There may be potential for abuse if another app could get deployed on the same host (maybe some shared hosting service situation) and could then impersonate other clients on the host
immers/src/authdb.js
Lines 89 to 91 in 015814e
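The two matching rules contrasted, as an added example that is not part of the original issue or the immers code base: `originOnlyMatch` follows the behaviour described in the issue, and `originAndPathMatch` is one possible stricter rule. Function names, hosts and paths are constructed, and a registered value is assumed to include its scheme.

```javascript
// Added example: hypothetical helper names, not code from immers.
// All URIs below are constructed samples.

function parse (uri) {
  try { return new URL(uri) } catch (err) { return null }
}

// Behaviour described in the issue: the registered value must equal
// exactly the protocol + host of the requested redirect URI.
function originOnlyMatch (registered, requested) {
  const req = parse(requested)
  return req !== null && registered === req.origin
}

// Stricter alternative: same origin, and the requested path must equal
// the registered path or sit below it on a "/" boundary.
function originAndPathMatch (registered, requested) {
  const reg = parse(registered)
  const req = parse(requested)
  if (!reg || !req || reg.origin !== req.origin) return false
  // new URL() has already resolved "." and ".." segments in pathname
  const base = reg.pathname.endsWith('/') ? reg.pathname : reg.pathname + '/'
  return req.pathname === reg.pathname || req.pathname.startsWith(base)
}

// [label, registered redirectUri, requested redirectUri]
const cases = [
  ['room path, host-only registration', 'https://hub.example', 'https://hub.example/abc123/my-room'],
  ['registration with a path', 'https://immerdomain.com/index.html', 'https://immerdomain.com/index.html?me=1'],
  ['host-only registration, other app on host', 'https://shared.example', 'https://shared.example/app-b/callback'],
  ['path registration, other app on host', 'https://shared.example/app-a/', 'https://shared.example/app-b/callback'],
  ['path registration, dot segments', 'https://shared.example/app-a/', 'https://shared.example/app-a/../app-b/callback'],
  ['path registration, sibling prefix', 'https://shared.example/app-a', 'https://shared.example/app-a2/callback']
]

function compare () {
  return cases.map(([label, registered, requested]) => ({
    label,
    originOnly: originOnlyMatch(registered, requested),
    originAndPath: originAndPathMatch(registered, requested)
  }))
}

console.table(compare())
```

A host-only registration still accepts every path on that host under either rule; the path rule only narrows what is accepted when the client registers a path.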