ai/at
1
0
Fork 0
Code Wiki Activity

fix patch

Browse Source
This commit is contained in:
syui
2026-02-16 01:23:52 +09:00
parent 718820daec
commit 8b26cf9452
7 changed files with 155 additions and 7 deletions
Download Patch File Download Diff File Expand all files Collapse all files

12
patching/170-pds-oauth-same-site-fix.patch
View File

@@ -1,13 +1,11 @@
diff --git a/packages/oauth/oauth-provider/src/router/create-authorization-page-middleware.ts b/packages/oauth/oauth-provider/src/router/create-authorization-page-middleware.ts
index f653b0353..45c45fac1 100644
--- a/packages/oauth/oauth-provider/src/router/create-authorization-page-middleware.ts
+++ b/packages/oauth/oauth-provider/src/router/create-authorization-page-middleware.ts
@@ -53,7 +53,7 @@ export function createAuthorizationPageMiddleware<
res.setHeader('Cache-Control', 'no-store')
res.setHeader('Pragma', 'no-cache')
- validateFetchSite(req, ['cross-site', 'none'])
+ validateFetchSite(req, ['cross-site', 'same-site', 'none'])
@@ -74,7 +74,7 @@
// @TODO Consider removing this altogether to allow hosting PDS and app on
// the same site but different origins (different subdomains).
- validateFetchSite(req, ['same-origin', 'cross-site', 'none'])
+ validateFetchSite(req, ['same-origin', 'same-site', 'cross-site', 'none'])
validateFetchMode(req, ['navigate'])
validateFetchDest(req, ['document'])
validateOrigin(req, issuerOrigin)