mary.my.id / aglais
personal web client for Bluesky
typescript solidjs bluesky atcute
fork atom

refactor: use sec-fetch-site to determine origin

mary.my.id 30b4051b 35f88243

verified
options
unified split
Changed files
+2 -4
server
index.ts
+2 -4
server/index.ts
··· 75 75 76 76 router.addProcedure(requestAssertionSchema, { 77 77 async handler({ input: { jkt, aud }, request }) { 78 - const url = new URL(request.url); 79 - 80 - const origin = request.headers.get('origin'); 81 - if (origin !== url.origin) { 78 + if (request.headers.get('sec-fetch-site') !== 'same-origin') { 82 79 throw new AuthRequiredError({ description: 'invalid origin' }); 83 80 } 84 81 ··· 93 90 throw err; 94 91 } 95 92 93 + const url = new URL(request.url); 96 94 const assertion = await createClientAssertion({ 97 95 privateKey: privateKey, 98 96